Remote Command Execution and Privilege Escalation Vulnerability in Heketi Server API

Remote Command Execution and Privilege Escalation Vulnerability in Heketi Server API

CVE-2017-15103 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.

Learn more about our Cis Benchmark Audit For Server Software.