Vulnerability DatabaseCVE-2017-11610
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2017-11610
August 23, 2017
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
Affected Packages
supervisor (PYTHON):
Affected version(s) >=3.1.0 <3.1.4
Fix Suggestion:
Update to version 3.1.4
supervisor (PYTHON):
Affected version(s) >=3.3.0 <3.3.3
Fix Suggestion:
Update to version 3.3.3
supervisor (PYTHON):
Affected version(s) >=a3 <3.0.1
Fix Suggestion:
Update to version 3.0.1
supervisor (PYTHON):
Affected version(s) >=3.2.0 <3.2.4
Fix Suggestion:
Update to version 3.2.4
Related ResourcesĀ (20)
https://www.exploit-db.com/exploits/42779/
https://access.redhat.com/errata/RHSA-2017:3005
https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B
https://github.com/advisories/GHSA-x7c8-4x3h-874w
https://security.gentoo.org/glsa/201709-06
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/
https://github.com/Supervisor/supervisor
https://github.com/pypa/advisory-database/tree/main/vulns/supervisor/PYSEC-2017-41.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM
http://www.debian.org/security/2017/dsa-3942
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/
https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt
https://www.exploit-db.com/exploits/42779
https://github.com/Supervisor/supervisor/issues/964
https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt
https://nvd.nist.gov/vuln/detail/CVE-2017-11610
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/
https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
ATTACKED
CVSS v3
Base Score:
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Exploit Maturity
HIGH
CVSS v2
Base Score:
9
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Incorrect Default Permissions
CWE-276
EPSS
Base Score:
93.79