In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1168194 | Third Party Advisory |
https://hackerone.com/reports/1168194 | Third Party Advisory |
Configurations
History
21 Nov 2024, 03:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://hackerone.com/reports/1168194 - Third Party Advisory |
07 Jun 2021, 13:28
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
References | (MISC) https://hackerone.com/reports/1168194 - Third Party Advisory | |
CPE | cpe:2.3:a:versa-networks:versa_analytics:-:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
26 May 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-26 19:15
Updated : 2024-11-21 03:52
NVD link : CVE-2018-16497
Mitre link : CVE-2018-16497
CVE.ORG link : CVE-2018-16497
JSON object : View
Products Affected
versa-networks
- versa_analytics
CWE
CWE-269
Improper Privilege Management