Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ganeti多个目录遍历漏洞
Vulnerability Description
Ganeti中的iallocator框架中存在多个目录遍历漏洞,(1)远程攻击者可以借助一个HTTP远程API (RAPI)提供的人工外部脚本名称执行任意程序,并允许(2)本地用户借助一个gnt-*指令提供的一个人工外部脚本名称执行任意程序并获得特权。该漏洞与"路径卫生处理错误"相关。
CVSS Information
N/A
Vulnerability Type
N/A