Submeter #798622: choieastsea simple-openstack-mcp 767b2f4a8154cca344344b9725537a58399e6036 OS Command Injectioninformação

Títulochoieastsea simple-openstack-mcp 767b2f4a8154cca344344b9725537a58399e6036 OS Command Injection
DescriçãoThe exec_openstack MCP tool only checks that input starts with openstack, then passes the full string to subprocess.run(..., shell=True). An attacker can append shell metacharacters (for example ;) to execute arbitrary OS commands under the service account.
Fonte⚠️ https://github.com/choieastsea/simple-openstack-mcp/issues/3
Utilizador
 MidA (UID 96794)
Submissão07/04/2026 10h59 (há 21 dias)
Moderação26/04/2026 09h15 (19 days later)
EstadoAceite
Entrada VulDB359641 [choieastsea simple-openstack-mcp até 767b2f4a8154cca344344b9725537a58399e6036 server.py exec_openstack Elevação de Privilégios]
Pontos18

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!