An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.
History

Thu, 14 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 10 Oct 2024 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-434

cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-12T14:24:32.311Z

Updated: 2024-11-14T14:31:31.639Z

Reserved: 2023-11-24T11:53:46.294Z

Link: CVE-2023-49257

cve-icon Vulnrichment

Updated: 2024-08-02T21:53:45.304Z

cve-icon NVD

Status : Modified

Published: 2024-01-12T15:15:09.230

Modified: 2024-11-21T08:33:08.160

Link: CVE-2023-49257

cve-icon Redhat

No data.