CVE-2017-11610

nvd nist nuclei

Published: Aug 23, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Affected (18)

Products: Supervisord: Supervisor · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Supervisord: Supervisor · Fedoraproject: Fedora · Debian: Debian Linux · Redhat: Cloudforms

1 product

1 product

1 product

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Supervisord Supervisor	Up to 3.0
Supervisord Supervisor	Version 3.1.0
Supervisord Supervisor	Version 3.1.1
Supervisord Supervisor	Version 3.1.2
Supervisord Supervisor	Version 3.1.3
Supervisord Supervisor	Version 3.2.0
Supervisord Supervisor	Version 3.2.1
Supervisord Supervisor	Version 3.2.2
Supervisord Supervisor	Version 3.2.3
Supervisord Supervisor	Version 3.3.0
Supervisord Supervisor	Version 3.3.1
Supervisord Supervisor	Version 3.3.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 24
Fedoraproject Fedora	Version 25
Fedoraproject Fedora	Version 26

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms	Version 4.5

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (24)

http://www.debian.org/security/2017/dsa-3942

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:3005

Source: cve@mitre.org

Third Party Advisory

https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/Supervisor/supervisor/issues/964

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/

Source: cve@mitre.org

https://security.gentoo.org/glsa/201709-06

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/42779/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.debian.org/security/2017/dsa-3942

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:3005

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://github.com/Supervisor/supervisor/issues/964

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201709-06

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/42779/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.