Bug 1477797 (CVE-2017-7552)
| Summary: | CVE-2017-7552 RHMAP Millicore IDE allows RCE on SCM | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jason Shepherd <jshepherd> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | avibelli, drusso, jbalunas, jmadigan, jmrazek, jshepherd, kpiwko, lgriffin, ngough, pbraun, pwright, rrajasek, security-response-team, tjay, tkirby |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | fh-scm-3.19.0, fh-scm-4.5.0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was discovered in the file editor of millicore which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-09-26 22:53:44 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1461341 | ||
|
Description
Jason Shepherd
2017-08-03 02:08:16 UTC
Acknowledgments: Name: Tomas Rzepka This issue has been addressed in the following products: Red Hat Mobile Application Platform 4.5 Via RHSA-2017:2675 https://access.redhat.com/errata/RHSA-2017:2675 This issue has been addressed in the following products: Red Hat Mobile Application Platform 4.5 Via RHSA-2017:2674 https://access.redhat.com/errata/RHSA-2017:2674 |