10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.228 Low
EPSS
Percentile
96.5%
The get_rpm_nvr_by_file_path_temporary function in util.py in
setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary
commands via shell metacharacters in a file name.
Author | Note |
---|---|
sbeattie | failure to sanitize an rpm command, passed into dbus service not likely to matter on debian/ubuntu |