Vulnerability Details CVE-2020-10789
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://github.com/it-novum/openITCOCKPIT/commit/73b5b34afa8bd82ff26c0097558341214c768cfc
- https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/
- https://github.com/it-novum/openITCOCKPIT/commit/73b5b34afa8bd82ff26c0097558341214c768cfc
- https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/
Products affected by CVE-2020-10789
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-10
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-12
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-13
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-14
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-15
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-16
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-4
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-5
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-6
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-8
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-3
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-4
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-6
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-7
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-8
-
cpe:2.3:a:it-novum:openitcockpit:3.0.4
-
cpe:2.3:a:it-novum:openitcockpit:3.0.5
-
cpe:2.3:a:it-novum:openitcockpit:3.0.6-1
-
cpe:2.3:a:it-novum:openitcockpit:3.0.6-2
-
cpe:2.3:a:it-novum:openitcockpit:3.0.7
-
cpe:2.3:a:it-novum:openitcockpit:3.0.8
-
cpe:2.3:a:it-novum:openitcockpit:3.0.8-2
-
cpe:2.3:a:it-novum:openitcockpit:3.0.8-3
-
cpe:2.3:a:it-novum:openitcockpit:3.0.9
-
cpe:2.3:a:it-novum:openitcockpit:3.1.0
-
cpe:2.3:a:it-novum:openitcockpit:3.1.1
-
cpe:2.3:a:it-novum:openitcockpit:3.1.5
-
cpe:2.3:a:it-novum:openitcockpit:3.2.0
-
cpe:2.3:a:it-novum:openitcockpit:3.3.0
-
cpe:2.3:a:it-novum:openitcockpit:3.3.0-3
-
cpe:2.3:a:it-novum:openitcockpit:3.4.2
-
cpe:2.3:a:it-novum:openitcockpit:3.4.3
-
cpe:2.3:a:it-novum:openitcockpit:3.5.0
-
cpe:2.3:a:it-novum:openitcockpit:3.6.0
-
cpe:2.3:a:it-novum:openitcockpit:3.6.1
-
cpe:2.3:a:it-novum:openitcockpit:3.6.1.2
-
cpe:2.3:a:it-novum:openitcockpit:3.7.1
-
cpe:2.3:a:it-novum:openitcockpit:3.7.2