Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Red Hat Ceph Storage 存在命令注入漏洞
Vulnerability Description
Red Hat Ceph Storage是美国红帽(Red Hat)公司的一套可扩展的、开放性的软件定义存储平台。 Red Hat Ceph Storage存在命令注入漏洞,该漏洞源于允许未经身份验证的攻击者访问调试shell并提升权限,攻击者利用该漏洞可以远程执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A