CVE-2021-21371 in Tenable for Jira CloudИнформация

Сводка

по MITRE • 11.03.2021

Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run arbitrary commands through the yaml.load() method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is fixed in version 1.1.21 by using yaml.safe_load() instead of yaml.load().

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Ответственный

GitHub, Inc.

Резервировать

22.12.2020

Раскрытие

11.03.2021

Модерация

принято

Вход

VDB-171124

EPSS

0.00452

KEV

Нет

Деятельности

Очень низкий

Источники

Do you know our Splunk app?

Download it now for free!