CVE-2024-1367
published 2024-02-14CVE-2024-1367: A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify…
PriorityP347high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.56%
72.1th percentile
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenable | security_center | < 6.3.0 | 6.3.0 |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Missing permission check in Jenkins Script Security Plugin
ghsa·2024-11-13
CVE-2024-52549 [MEDIUM] CWE-306 Missing permission check in Jenkins Script Security Plugin
Missing permission check in Jenkins Script Security Plugin
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. This allows attackers with Overall/Read permission to check for the existence of files on the controller file system. Script Security Plugin 1368.vb_b_402e3547e7 requires Overall/Administer permission for the affected form validation method.
GHSA
GHSA-mf67-jvr3-xgj9: A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application coul
ghsa_unreviewed·2024-02-15
CVE-2024-1367 [HIGH] CWE-78 GHSA-mf67-jvr3-xgj9: A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application coul
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.
Red Hat
jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability
vendor_redhat·2024-11-13·CVSS 4.3
CVE-2024-52549 [MEDIUM] CWE-862 jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability
jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system.
A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet
Red Hat
kernel: fuse: clear FR_SENT when re-adding requests into pending list
vendor_redhat·2024-06-21·CVSS 5.5
CVE-2024-38626 [MEDIUM] CWE-20 kernel: fuse: clear FR_SENT when re-adding requests into pending list
kernel: fuse: clear FR_SENT when re-adding requests into pending list
In the Linux kernel, the following vulnerability has been resolved:
fuse: clear FR_SENT when re-adding requests into pending list
The following warning was reported by lee bruce:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300
fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300
Modules linked in:
CPU: 0 PID: 8264 Comm: ab2 Not tainted 6.9.0-rc7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300
......
Call Trace:
fuse_dev_do_read.constprop.0+0xd36/0x1dd0 fs/fuse/dev.c:1334
fuse_dev_read+0x166/0x200 fs/fuse/dev.c:1367
call_read_iter include/linux/fs.h:2104 [inline]
new_sync_read fs/read_write.c:395 [inline]
vfs_read+0x85b/0xba0 fs
No detection rules found.
No public exploits indexed.
Tenable
[R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1: SC-202403.1
blogs_tenable·2024-03-25
[R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1: SC-202403.1
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
[R1] Security Center Version 6.3.0 Fixes Multiple Vulnerabilities
blogs_tenable·2024-02-14
[R1] Security Center Version 6.3.0 Fixes Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2024-02-14
Published