Back to bug 2037531
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marian Rehak | 2022-01-05 20:23:05 UTC | Depends On | 2037532, 2037533 | |
| Marian Rehak | 2022-01-05 20:23:23 UTC | Blocks | 2037535 | |
| Yadnyawalk Tale | 2022-01-06 13:13:04 UTC | Depends On | 2037710 | |
| Doc Text | A command injection vulnerability was found in distributed task queue, Celery which can leads to remote code execution. An attacker with access to result backend can reconstruct the exception class to act as a command payload which can be queried to the task to execute. The highest threat from this vulnerability is to data confidentiality integrity and availability. | |||
| Severity | high | medium | ||
| Priority | high | medium | ||
| Yadnyawalk Tale | 2022-01-06 13:31:29 UTC | Depends On | 2037740 | |
| Eric Christensen | 2022-01-06 14:44:12 UTC | Doc Text | A command injection vulnerability was found in distributed task queue, Celery which can leads to remote code execution. An attacker with access to result backend can reconstruct the exception class to act as a command payload which can be queried to the task to execute. The highest threat from this vulnerability is to data confidentiality integrity and availability. | A command injection vulnerability was found in the distributed task queue celery, which can lead to remote code execution. An attacker with access to backend results can reconstruct the exception class to act as a command payload which can be queried to the task to execute. |
| Tapas Jena | 2022-01-06 14:52:45 UTC | CC | bcoca, chousekn, davidn, jcammara, jhardy, jobarker, osapryki, relrod, sdoran, tkuratom | |
| Red Hat Bugzilla | 2022-04-23 04:25:54 UTC | CC | chousekn | |
| Red Hat Bugzilla | 2022-07-18 09:51:28 UTC | CC | mmccune | |
| Red Hat Bugzilla | 2023-03-02 08:28:30 UTC | CC | myarboro | |
| Red Hat Bugzilla | 2023-05-15 20:19:06 UTC | CC | btotty | |
| Red Hat Bugzilla | 2023-07-07 08:29:35 UTC | Assignee | security-response-team | nobody |
Back to bug 2037531