Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2013-4482 (GCVE-0-2013-4482)
Vulnerability from cvelistv5 – Published: 2013-11-23 11:00 – Updated: 2024-08-06 16:45
VLAI?
EPSS
Summary
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2013-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1603",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1603",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4482",
"datePublished": "2013-11-23T11:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2013-4482",
"date": "2026-04-24",
"epss": "0.00068",
"percentile": "0.20927"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:scientificlinux:luci:0.26.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2283AAF-A541-4E4D-8517-D94FAFF3E8EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ruta de b\\u00fasqueda no confiable en python-paste-script (tambi\\u00e9n conocido como paster) en Luci 0.26.0, cuando se comienza a usar el initscript, permite a usuarios locales obtener privilegios a trav\\u00e9s de un caballo de troya en el archivo .egg-info en el (1) directorio de trabajo actual o (2) sus directorios padres.\"}]",
"evaluatorComment": "http://cwe.mitre.org/data/definitions/426.html\n\n\"CWE-426: Untrusted Search Path\"",
"id": "CVE-2013-4482",
"lastModified": "2024-11-21T01:55:39.467",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 1.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2013-11-23T11:55:04.693",
"references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-1603.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=990321\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-1603.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=990321\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2013-4482\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-11-23T11:55:04.693\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ruta de b\u00fasqueda no confiable en python-paste-script (tambi\u00e9n conocido como paster) en Luci 0.26.0, cuando se comienza a usar el initscript, permite a usuarios locales obtener privilegios a trav\u00e9s de un caballo de troya en el archivo .egg-info en el (1) directorio de trabajo actual o (2) sus directorios padres.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":6.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":1.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:scientificlinux:luci:0.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2283AAF-A541-4E4D-8517-D94FAFF3E8EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1603.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=990321\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1603.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=990321\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"http://cwe.mitre.org/data/definitions/426.html\\n\\n\\\"CWE-426: Untrusted Search Path\\\"\"}}"
}
}
GSD-2013-4482
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-4482",
"description": "Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.",
"id": "GSD-2013-4482",
"references": [
"https://access.redhat.com/errata/RHSA-2013:1603"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-4482"
],
"details": "Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.",
"id": "GSD-2013-4482",
"modified": "2023-12-13T01:22:16.303770Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-1603.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=990321",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:scientificlinux:luci:0.26.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4482"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=990321",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
},
{
"name": "RHSA-2013:1603",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2019-04-22T17:48Z",
"publishedDate": "2013-11-23T11:55Z"
}
}
}
FKIE_CVE-2013-4482
Vulnerability from fkie_nvd - Published: 2013-11-23 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| scientificlinux | luci | 0.26.0 | |
| redhat | enterprise_linux | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:scientificlinux:luci:0.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2283AAF-A541-4E4D-8517-D94FAFF3E8EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en python-paste-script (tambi\u00e9n conocido como paster) en Luci 0.26.0, cuando se comienza a usar el initscript, permite a usuarios locales obtener privilegios a trav\u00e9s de un caballo de troya en el archivo .egg-info en el (1) directorio de trabajo actual o (2) sus directorios padres."
}
],
"evaluatorComment": "http://cwe.mitre.org/data/definitions/426.html\n\n\"CWE-426: Untrusted Search Path\"",
"id": "CVE-2013-4482",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-23T11:55:04.693",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
RHSA-2013_1603
Vulnerability from csaf_redhat - Published: 2013-11-20 19:34 - Updated: 2024-11-22 06:51Summary
Red Hat Security Advisory: luci security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: Updated luci packages that fix two security issues, several bugs, and add
two enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: Luci is a web-based high availability administration application.
A flaw was found in the way the luci service was initialized. If a system
administrator started the luci service from a directory that was writable
to by a local user, that user could use this flaw to execute arbitrary code
as the root or luci user. (CVE-2013-4482)
A flaw was found in the way luci generated its configuration file. The file
was created as world readable for a short period of time, allowing a local
user to gain access to the authentication secrets stored in the
configuration file. (CVE-2013-4481)
These issues were discovered by Jan Pokorný of Red Hat.
These updated luci packages include numerous bug fixes and two
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.
All luci users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. After installing this update, the luci service will be
restarted automatically.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file.
1.9 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
https://access.redhat.com/errata/RHSA-2013:1603
A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user.
3.7 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
https://access.redhat.com/errata/RHSA-2013:1603
References
Acknowledgments
Red Hat
Jan Pokorný
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated luci packages that fix two security issues, several bugs, and add\ntwo enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Luci is a web-based high availability administration application.\n\nA flaw was found in the way the luci service was initialized. If a system\nadministrator started the luci service from a directory that was writable\nto by a local user, that user could use this flaw to execute arbitrary code\nas the root or luci user. (CVE-2013-4482)\n\nA flaw was found in the way luci generated its configuration file. The file\nwas created as world readable for a short period of time, allowing a local\nuser to gain access to the authentication secrets stored in the\nconfiguration file. (CVE-2013-4481)\n\nThese issues were discovered by Jan Pokorn\u00fd of Red Hat.\n\nThese updated luci packages include numerous bug fixes and two\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical\nNotes, linked to in the References, for information on the most significant\nof these changes.\n\nAll luci users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. After installing this update, the luci service will be\nrestarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1603",
"url": "https://access.redhat.com/errata/RHSA-2013:1603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/luci.html#RHSA-2013-1603",
"url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/luci.html#RHSA-2013-1603"
},
{
"category": "external",
"summary": "878149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=878149"
},
{
"category": "external",
"summary": "880363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880363"
},
{
"category": "external",
"summary": "883008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883008"
},
{
"category": "external",
"summary": "886517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=886517"
},
{
"category": "external",
"summary": "886576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=886576"
},
{
"category": "external",
"summary": "917747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917747"
},
{
"category": "external",
"summary": "988998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"
},
{
"category": "external",
"summary": "990321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
},
{
"category": "external",
"summary": "1001835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001835"
},
{
"category": "external",
"summary": "1001836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001836"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1603.json"
}
],
"title": "Red Hat Security Advisory: luci security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T06:51:13+00:00",
"generator": {
"date": "2024-11-22T06:51:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:1603",
"initial_release_date": "2013-11-20T19:34:00+00:00",
"revision_history": [
{
"date": "2013-11-20T19:34:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-11-20T19:39:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:51:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"product": {
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"product_id": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci-debuginfo@0.26.0-48.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "luci-0:0.26.0-48.el6.x86_64",
"product": {
"name": "luci-0:0.26.0-48.el6.x86_64",
"product_id": "luci-0:0.26.0-48.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci@0.26.0-48.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "luci-debuginfo-0:0.26.0-48.el6.i686",
"product": {
"name": "luci-debuginfo-0:0.26.0-48.el6.i686",
"product_id": "luci-debuginfo-0:0.26.0-48.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci-debuginfo@0.26.0-48.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "luci-0:0.26.0-48.el6.i686",
"product": {
"name": "luci-0:0.26.0-48.el6.i686",
"product_id": "luci-0:0.26.0-48.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci@0.26.0-48.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "luci-0:0.26.0-48.el6.src",
"product": {
"name": "luci-0:0.26.0-48.el6.src",
"product_id": "luci-0:0.26.0-48.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci@0.26.0-48.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.src as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-0:0.26.0-48.el6.src"
},
"product_reference": "luci-0:0.26.0-48.el6.src",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-0:0.26.0-48.el6.src"
},
"product_reference": "luci-0:0.26.0-48.el6.src",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jan Pokorn\u00fd"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-4481",
"discovery_date": "2013-07-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "988998"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "luci: short exposure of authentication secrets while generating configuration file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4481"
},
{
"category": "external",
"summary": "RHBZ#988998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4481",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4481"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4481",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4481"
}
],
"release_date": "2013-11-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-11-20T19:34:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1603"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "luci: short exposure of authentication secrets while generating configuration file"
},
{
"acknowledgments": [
{
"names": [
"Jan Pokorn\u00fd"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-4482",
"discovery_date": "2013-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "990321"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "luci: paster hidden untrusted path and \"command\" (callable association) injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4482"
},
{
"category": "external",
"summary": "RHBZ#990321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4482",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4482"
}
],
"release_date": "2013-11-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-11-20T19:34:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1603"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "luci: paster hidden untrusted path and \"command\" (callable association) injection"
}
]
}
RHSA-2013:1603
Vulnerability from csaf_redhat - Published: 2013-11-20 19:34 - Updated: 2025-11-21 17:46Summary
Red Hat Security Advisory: luci security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: Updated luci packages that fix two security issues, several bugs, and add
two enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: Luci is a web-based high availability administration application.
A flaw was found in the way the luci service was initialized. If a system
administrator started the luci service from a directory that was writable
to by a local user, that user could use this flaw to execute arbitrary code
as the root or luci user. (CVE-2013-4482)
A flaw was found in the way luci generated its configuration file. The file
was created as world readable for a short period of time, allowing a local
user to gain access to the authentication secrets stored in the
configuration file. (CVE-2013-4481)
These issues were discovered by Jan Pokorný of Red Hat.
These updated luci packages include numerous bug fixes and two
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.
All luci users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. After installing this update, the luci service will be
restarted automatically.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file.
1.9 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
https://access.redhat.com/errata/RHSA-2013:1603
A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user.
3.7 ()
Vendor Fix
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
https://access.redhat.com/errata/RHSA-2013:1603
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
Red Hat
Jan Pokorný
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated luci packages that fix two security issues, several bugs, and add\ntwo enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Luci is a web-based high availability administration application.\n\nA flaw was found in the way the luci service was initialized. If a system\nadministrator started the luci service from a directory that was writable\nto by a local user, that user could use this flaw to execute arbitrary code\nas the root or luci user. (CVE-2013-4482)\n\nA flaw was found in the way luci generated its configuration file. The file\nwas created as world readable for a short period of time, allowing a local\nuser to gain access to the authentication secrets stored in the\nconfiguration file. (CVE-2013-4481)\n\nThese issues were discovered by Jan Pokorn\u00fd of Red Hat.\n\nThese updated luci packages include numerous bug fixes and two\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical\nNotes, linked to in the References, for information on the most significant\nof these changes.\n\nAll luci users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. After installing this update, the luci service will be\nrestarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1603",
"url": "https://access.redhat.com/errata/RHSA-2013:1603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/luci.html#RHSA-2013-1603",
"url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/luci.html#RHSA-2013-1603"
},
{
"category": "external",
"summary": "878149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=878149"
},
{
"category": "external",
"summary": "880363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880363"
},
{
"category": "external",
"summary": "883008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883008"
},
{
"category": "external",
"summary": "886517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=886517"
},
{
"category": "external",
"summary": "886576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=886576"
},
{
"category": "external",
"summary": "917747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917747"
},
{
"category": "external",
"summary": "988998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"
},
{
"category": "external",
"summary": "990321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
},
{
"category": "external",
"summary": "1001835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001835"
},
{
"category": "external",
"summary": "1001836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001836"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1603.json"
}
],
"title": "Red Hat Security Advisory: luci security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:46:01+00:00",
"generator": {
"date": "2025-11-21T17:46:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2013:1603",
"initial_release_date": "2013-11-20T19:34:00+00:00",
"revision_history": [
{
"date": "2013-11-20T19:34:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-11-20T19:39:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:46:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"product": {
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"product_id": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci-debuginfo@0.26.0-48.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "luci-0:0.26.0-48.el6.x86_64",
"product": {
"name": "luci-0:0.26.0-48.el6.x86_64",
"product_id": "luci-0:0.26.0-48.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci@0.26.0-48.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "luci-debuginfo-0:0.26.0-48.el6.i686",
"product": {
"name": "luci-debuginfo-0:0.26.0-48.el6.i686",
"product_id": "luci-debuginfo-0:0.26.0-48.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci-debuginfo@0.26.0-48.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "luci-0:0.26.0-48.el6.i686",
"product": {
"name": "luci-0:0.26.0-48.el6.i686",
"product_id": "luci-0:0.26.0-48.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci@0.26.0-48.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "luci-0:0.26.0-48.el6.src",
"product": {
"name": "luci-0:0.26.0-48.el6.src",
"product_id": "luci-0:0.26.0-48.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci@0.26.0-48.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.src as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-0:0.26.0-48.el6.src"
},
"product_reference": "luci-0:0.26.0-48.el6.src",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-0:0.26.0-48.el6.src"
},
"product_reference": "luci-0:0.26.0-48.el6.src",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jan Pokorn\u00fd"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-4481",
"discovery_date": "2013-07-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "988998"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "luci: short exposure of authentication secrets while generating configuration file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4481"
},
{
"category": "external",
"summary": "RHBZ#988998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4481",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4481"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4481",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4481"
}
],
"release_date": "2013-11-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-11-20T19:34:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1603"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "luci: short exposure of authentication secrets while generating configuration file"
},
{
"acknowledgments": [
{
"names": [
"Jan Pokorn\u00fd"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-4482",
"discovery_date": "2013-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "990321"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "luci: paster hidden untrusted path and \"command\" (callable association) injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4482"
},
{
"category": "external",
"summary": "RHBZ#990321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4482",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4482"
}
],
"release_date": "2013-11-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-11-20T19:34:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1603"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "luci: paster hidden untrusted path and \"command\" (callable association) injection"
}
]
}
GHSA-F585-5P5J-MVF8
Vulnerability from github – Published: 2022-05-14 01:08 – Updated: 2022-05-14 01:08
VLAI?
Details
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.
{
"affected": [],
"aliases": [
"CVE-2013-4482"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-11-23T11:55:00Z",
"severity": "MODERATE"
},
"details": "Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.",
"id": "GHSA-f585-5p5j-mvf8",
"modified": "2022-05-14T01:08:28Z",
"published": "2022-05-14T01:08:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4482"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…