提交 #798622: choieastsea simple-openstack-mcp 767b2f4a8154cca344344b9725537a58399e6036 OS Command Injection信息

标题choieastsea simple-openstack-mcp 767b2f4a8154cca344344b9725537a58399e6036 OS Command Injection
描述The exec_openstack MCP tool only checks that input starts with openstack, then passes the full string to subprocess.run(..., shell=True). An attacker can append shell metacharacters (for example ;) to execute arbitrary OS commands under the service account.
来源⚠️ https://github.com/choieastsea/simple-openstack-mcp/issues/3
用户
 MidA (UID 96794)
提交2026-04-07 10時59分 (21 日前)
管理2026-04-26 09時15分 (19 days later)
状态已接受
VulDB条目359641 [choieastsea simple-openstack-mcp 直到 767b2f4a8154cca344344b9725537a58399e6036 server.py exec_openstack 权限提升]
积分18

上一步一览下一步

Want to stay up to date on a daily basis?

Enable the mail alert feature now!