CVE-2024-41961
CVSS V2 None
CVSS V3 None
Description
Elektra is an opinionated OpenStack Dashboard for Operators and Consumers of OpenStack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails-based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink that executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.
Overview
- CVE ID: CVE-2024-41961
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-08-01T14:33:46.684Z
- Last Modified Date: 2024-08-01T14:33:46.684Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q | x_refsource_CONFIRM |
https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d | x_refsource_MISC |
https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-41961 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41961 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-08-02 13:07:54 | Added to TrackCVE |