| शीर्षक | choieastsea simple-openstack-mcp 767b2f4a8154cca344344b9725537a58399e6036 OS Command Injection |
|---|
| विवरण | The exec_openstack MCP tool only checks that input starts with openstack, then passes the full string to subprocess.run(..., shell=True). An attacker can append shell metacharacters (for example ;) to execute arbitrary OS commands under the service account.
|
|---|
| स्रोत | ⚠️ https://github.com/choieastsea/simple-openstack-mcp/issues/3 |
|---|
| उपयोगकर्ता | MidA (UID 96794) |
|---|
| सबमिशन | 07/04/2026 10:59 AM (20 दिन पहले) |
|---|
| संयम | 26/04/2026 09:15 AM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359641 [choieastsea simple-openstack-mcp तक 767b2f4a8154cca344344b9725537a58399e6036 server.py exec_openstack अधिकार वृद्धि] |
|---|
| अंक | 18 |
|---|