We found results for “”
CVE-2017-9274
Date: December 7, 2017
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
OS Command Injections
CWE-78CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | COMPLETE |
Integrity (I): | COMPLETE |
Availability (A): | COMPLETE |
Additional information: |