OpenDNS OpenResolve resolverapi/endpoints.py privilege escalation

A vulnerability classified as problematic was found in OpenDNS OpenResolve. An unknown function of the file resolverapi/endpoints.py is affected. Manipulation of an unknown input leads to a vulnerability of the privilege escalation class. The advisory is available for download at github.com. This vulnerability is identified as CVE-2015-10011. Access to the local network is required for this attack. Technical details are known. It is declared as not defined. The bugfix is available for download at github.com. The best suggested way to mitigate the problem is to apply the fixes to the affected component. A possible solution was published before, and not after, the disclosure of the vulnerability.

| Field | 02/01/2023 22:05 | 27/01/2023 02:35 | 27/01/2023 02:43 |
| --- | --- | --- | --- |
| vendor | OpenDNS | OpenDNS | OpenDNS |
| name | OpenResolve | OpenResolve | OpenResolve |
| file | resolverapi/endpoints.py | resolverapi/endpoints.py | resolverapi/endpoints.py |
| cwe | 117 (privilege escalation) | 117 (privilege escalation) | 117 (privilege escalation) |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| identifier | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 |
| url | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 |
| name | Patch | Patch | Patch |
| patch_name | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 |
| patch_url | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 |
| advisoryquote | Log Injection Attack Vulnerability By logging the unsanitized user input, a log injection attack can occur. This commit removes user-provided values from the logs. | Log Injection Attack Vulnerability By logging the unsanitized user input, a log injection attack can occur. This commit removes user-provided values from the logs. | Log Injection Attack Vulnerability By logging the unsanitized user input, a log injection attack can occur. This commit removes user-provided values from the logs. |
| cve | CVE-2015-10011 | CVE-2015-10011 | CVE-2015-10011 |
| responsible | VulDB | VulDB | VulDB |
| date | 1672614000 (02/01/2023) | 1672614000 (02/01/2023) | 1672614000 (02/01/2023) |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_av | A | A | A |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_av | A | A | A |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 4.1 | 4.1 | 4.1 |
| cvss2_vuldb_tempscore | 3.6 | 3.6 | 3.6 |
| cvss3_vuldb_basescore | 4.6 | 4.6 | 4.6 |
| cvss3_vuldb_tempscore | 4.4 | 4.4 | 4.4 |
| cvss3_meta_basescore | 4.6 | 4.6 | 6.3 |
| cvss3_meta_tempscore | 4.4 | 4.4 | 6.3 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1672614000 (02/01/2023) | 1672614000 (02/01/2023) |
| cve_nvd_summary | | A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The name of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. The identifier VDB-217197 was assigned to this vulnerability. | A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The name of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. The identifier VDB-217197 was assigned to this vulnerability. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | A |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | S |
| cvss2_nvd_ci | | | N |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
| cvss3_cna_av | | | A |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | L |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | N |
| cvss3_cna_i | | | L |
| cvss3_cna_a | | | L |
| cve_cna | | | VulDB |
| cvss2_nvd_basescore | | | 4.1 |
| cvss3_nvd_basescore | | | 9.8 |
| cvss3_cna_basescore | | | 4.6 |
