CVE-2011-4356
Published Dec 5, 2011
Last updated 13 years ago
Overview
- Description
- Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "555E6457-BA01-495D-9C74-DAC8ABC73F24"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17008B26-22BF-4B3F-ABF8-92B2F5D1177F"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32711FCB-3289-4A8F-B7FC-2257EFE21FA3"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7698F903-4333-40ED-8BE0-4A6BA65E802F"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD41225B-801D-4E15-AD1D-E01D819539B2"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8330EC8-24F3-473A-B2C3-CD7E4C692EB9"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66E3D59A-B15B-49C7-A1AF-DF98086E45B5"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1CF69D2-BF00-4164-B86E-381A9FA5A7D2"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0442B096-79AD-4602-A316-224866EEBC3C"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AC7ECC0-222B-4BD8-A5E6-A556A94FC779"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE9EB7A3-E580-42F3-A5DC-6A736EF6A760"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1F8E8BC-6C39-4192-9CCC-4054968D1F52"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C5AF6B0-2743-47F5-8272-65ED205A96F4"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77CC8C8F-B091-4777-B27A-5AB022D7262C"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0425116B-86B0-40A0-B370-521BA595FD8B"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A8054CD-D2FD-4574-ADFC-305CBA8A171C"
},
{
"criteria": "cpe:2.3:a:celeryproject:celery:2.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5DB6D76F-96EE-4C3B-8174-9BC659765C16"
}
],
"operator": "OR"
}
]
}
]