Luci

luci

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-3593 1Scientificlinux 1Luci May 6, 2026 Oct 15, 2014 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.
CVE-2013-4482 2Redhat Scientificlinux 2Enterprise Linux Luci Apr 29, 2026 Nov 23, 2013 N/A· v4 N/A· v3 6.2 MEDIUM· v2 Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current workin...Show more Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.Show less
CVE-2013-4481 2Redhat Scientificlinux 2Enterprise Linux Luci Apr 29, 2026 Nov 23, 2013 N/A· v4 N/A· v3 1.9 LOW· v2 Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "aut...Show more Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."Show less