Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Execution of untrusted code through config file
Vulnerability Description
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run arbitrary commands through the yaml.load() method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is fixed in version 1.1.21 by using yaml.safe_load() instead of yaml.load().
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Alex Weber Tenable 代码问题漏洞
Vulnerability Description
Alex Weber Tenable是 Alex Weber开源的一个应用软件。用于洞悉任何平台上每项资产的风险暴露状况。 Tenable for Jira Cloud 存在安全漏洞,该漏洞允许具有本地访问主机权限的攻击者通过使用一个特别制作的YAML配置文件运行应用程序来运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A