RHSA-2013:1603
Vulnerability from csaf_redhat - Published: 2013-11-20 19:34 - Updated: 2025-11-21 17:46Summary
Red Hat Security Advisory: luci security, bug fix, and enhancement update
Notes
Topic
Updated luci packages that fix two security issues, several bugs, and add
two enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Luci is a web-based high availability administration application.
A flaw was found in the way the luci service was initialized. If a system
administrator started the luci service from a directory that was writable
to by a local user, that user could use this flaw to execute arbitrary code
as the root or luci user. (CVE-2013-4482)
A flaw was found in the way luci generated its configuration file. The file
was created as world readable for a short period of time, allowing a local
user to gain access to the authentication secrets stored in the
configuration file. (CVE-2013-4481)
These issues were discovered by Jan Pokorný of Red Hat.
These updated luci packages include numerous bug fixes and two
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.
All luci users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. After installing this update, the luci service will be
restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated luci packages that fix two security issues, several bugs, and add\ntwo enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Luci is a web-based high availability administration application.\n\nA flaw was found in the way the luci service was initialized. If a system\nadministrator started the luci service from a directory that was writable\nto by a local user, that user could use this flaw to execute arbitrary code\nas the root or luci user. (CVE-2013-4482)\n\nA flaw was found in the way luci generated its configuration file. The file\nwas created as world readable for a short period of time, allowing a local\nuser to gain access to the authentication secrets stored in the\nconfiguration file. (CVE-2013-4481)\n\nThese issues were discovered by Jan Pokorn\u00fd of Red Hat.\n\nThese updated luci packages include numerous bug fixes and two\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical\nNotes, linked to in the References, for information on the most significant\nof these changes.\n\nAll luci users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. After installing this update, the luci service will be\nrestarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1603",
"url": "https://access.redhat.com/errata/RHSA-2013:1603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/luci.html#RHSA-2013-1603",
"url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/luci.html#RHSA-2013-1603"
},
{
"category": "external",
"summary": "878149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=878149"
},
{
"category": "external",
"summary": "880363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880363"
},
{
"category": "external",
"summary": "883008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883008"
},
{
"category": "external",
"summary": "886517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=886517"
},
{
"category": "external",
"summary": "886576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=886576"
},
{
"category": "external",
"summary": "917747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917747"
},
{
"category": "external",
"summary": "988998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"
},
{
"category": "external",
"summary": "990321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
},
{
"category": "external",
"summary": "1001835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001835"
},
{
"category": "external",
"summary": "1001836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001836"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1603.json"
}
],
"title": "Red Hat Security Advisory: luci security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:46:01+00:00",
"generator": {
"date": "2025-11-21T17:46:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2013:1603",
"initial_release_date": "2013-11-20T19:34:00+00:00",
"revision_history": [
{
"date": "2013-11-20T19:34:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-11-20T19:39:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:46:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"product": {
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"product_id": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci-debuginfo@0.26.0-48.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "luci-0:0.26.0-48.el6.x86_64",
"product": {
"name": "luci-0:0.26.0-48.el6.x86_64",
"product_id": "luci-0:0.26.0-48.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci@0.26.0-48.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "luci-debuginfo-0:0.26.0-48.el6.i686",
"product": {
"name": "luci-debuginfo-0:0.26.0-48.el6.i686",
"product_id": "luci-debuginfo-0:0.26.0-48.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci-debuginfo@0.26.0-48.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "luci-0:0.26.0-48.el6.i686",
"product": {
"name": "luci-0:0.26.0-48.el6.i686",
"product_id": "luci-0:0.26.0-48.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci@0.26.0-48.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "luci-0:0.26.0-48.el6.src",
"product": {
"name": "luci-0:0.26.0-48.el6.src",
"product_id": "luci-0:0.26.0-48.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/luci@0.26.0-48.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.src as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-0:0.26.0-48.el6.src"
},
"product_reference": "luci-0:0.26.0-48.el6.src",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-0:0.26.0-48.el6.src"
},
"product_reference": "luci-0:0.26.0-48.el6.src",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.i686",
"relates_to_product_reference": "6Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "luci-debuginfo-0:0.26.0-48.el6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
},
"product_reference": "luci-debuginfo-0:0.26.0-48.el6.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jan Pokorn\u00fd"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-4481",
"discovery_date": "2013-07-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "988998"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "luci: short exposure of authentication secrets while generating configuration file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4481"
},
{
"category": "external",
"summary": "RHBZ#988998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4481",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4481"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4481",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4481"
}
],
"release_date": "2013-11-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-11-20T19:34:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1603"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "luci: short exposure of authentication secrets while generating configuration file"
},
{
"acknowledgments": [
{
"names": [
"Jan Pokorn\u00fd"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-4482",
"discovery_date": "2013-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "990321"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "luci: paster hidden untrusted path and \"command\" (callable association) injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4482"
},
{
"category": "external",
"summary": "RHBZ#990321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4482",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4482"
}
],
"release_date": "2013-11-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-11-20T19:34:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1603"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-HighAvailability:luci-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.src",
"6Server-HighAvailability:luci-0:0.26.0-48.el6.x86_64",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-HighAvailability:luci-debuginfo-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.src",
"6Server-ResilientStorage:luci-0:0.26.0-48.el6.x86_64",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.i686",
"6Server-ResilientStorage:luci-debuginfo-0:0.26.0-48.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "luci: paster hidden untrusted path and \"command\" (callable association) injection"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…