Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-12T14:23:41.508Z

Updated: 2024-08-02T21:53:44.880Z

Reserved: 2023-11-24T11:53:46.294Z

Link: CVE-2023-49254

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-12T15:15:09.017

Modified: 2024-11-21T08:33:07.753

Link: CVE-2023-49254

cve-icon Redhat

No data.