Lucene search
HistoryNov 23, 2013 - 11:55 a.m.
CVE-2013-4482
cve-2013-4482
python
paste-script
paster
luci 0.26.0
vulnerability
privilege escalation
trojan horse
6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.
Affected configurations
Node
scientificlinuxluciMatch0.26.0
ORredhatenterprise_linuxMatch6.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| scientificlinux:luci | scientificlinux luci | eq | 0.26.0 |
| redhat:enterprise_linux | redhat enterprise linux | eq | 6.0 |
Related
nvd
nvd
CVE-2013-4482
2013-11-23 11:55:04
prion
prion
Design/Logic Flaw
2013-11-23 11:55:00
cvelist
cvelist
CVE-2013-4482
2013-11-23 11:00:00
centos
centos
luci security update
2013-11-26 13:32:13
nessus
nessus
RHEL 6 : luci (RHSA-2013:1603)
2013-11-21 00:00:00
Scientific Linux Security Update : luci on SL6.x i386/x86_64 (20131121)
2013-12-04 00:00:00
CentOS 6 : luci (CESA-2013:1603)
2014-11-12 00:00:00
redhat
redhat
(RHSA-2013:1603) Moderate: luci security, bug fix, and enhancement update
2013-11-21 00:00:00
veracode
veracode
Elevation Of Privileges By An Untrusted Search Path Vulnerability
2019-05-02 04:58:57
6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2013-4482