CVE-2017-11610
Published 2017-08-23
High 8.8 (CVSS 3.0)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ITW, EXPLOIT
Exploited in the wild
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
Affected
27 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | supervisor | < supervisor 3.3.1-1.1 (bookworm) | supervisor 3.3.1-1.1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| redhat | cloudforms | — | — |
| supervisord | supervisor | <= 3.0 | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | — | — |
| supervisord | supervisor | >= 0 < 3.3.1-1.1 | 3.3.1-1.1 |
| supervisord | supervisor | >= 0 < 3.3.1-1.1 | 3.3.1-1.1 |
| supervisord | supervisor | >= 0 < 3.3.1-1.1 | 3.3.1-1.1 |
| supervisord | supervisor | >= 0 < 3.3.1-1.1 | 3.3.1-1.1 |
| supervisord | supervisor | >= 0 < 3.0.1 | 3.0.1 |
| supervisord | supervisor | >= 3.1.0 < 3.1.4 | 3.1.4 |
CVSS provenance
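| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.8 | HIGH | — |
| vulncheck | — | 8.8 | HIGH | — |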