The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
During installation, installed file permissions are set to allow anyone to modify those files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Supervisor | Supervisord | 3.1.2 | 3.1.2 |
Supervisor | Supervisord | 3.3.1 | 3.3.1 |
Supervisor | Supervisord | * | 3.0 |
Supervisor | Supervisord | 3.2.3 | 3.2.3 |
Supervisor | Supervisord | 3.2.2 | 3.2.2 |
Supervisor | Supervisord | 3.2.0 | 3.2.0 |
Supervisor | Supervisord | 3.2.1 | 3.2.1 |
Supervisor | Supervisord | 3.3.2 | 3.3.2 |
Supervisor | Supervisord | 3.1.1 | 3.1.1 |
Supervisor | Supervisord | 3.1.0 | 3.1.0 |
Supervisor | Supervisord | 3.3.0 | 3.3.0 |
Supervisor | Supervisord | 3.1.3 | 3.1.3 |
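
The fixed-release boundaries in the description above can be turned into a version check for patch auditing. The following is an added example, not code from the Supervisor project or from this advisory; the host names and inventory are constructed, and treating a pre-release build of a fixed version (for example `3.2.4.dev0`) as still affected is a conservative assumption.

```python
import re
from importlib import metadata

# First fixed release per branch, as stated in the advisory text.
FIXED = {(3, 0): (3, 0, 1), (3, 1): (3, 1, 4), (3, 2): (3, 2, 4), (3, 3): (3, 3, 3)}

def parse(version):
    """Return ((major, minor, patch), is_prerelease) for a version string."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)(.*?)\s*$", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))[:3]
    nums += (0,) * (3 - len(nums))           # "3.0" -> (3, 0, 0)
    return nums, bool(m.group(2))            # any suffix marks a pre-release

def is_affected(version):
    """True if the version falls in a range the advisory lists as vulnerable."""
    nums, pre = parse(version)
    if nums < (3, 0, 0):
        return True                          # everything before 3.0.1
    fixed = FIXED.get(nums[:2])
    if fixed is None:
        return False                         # branch not listed in the advisory
    if nums == fixed:
        return pre                           # assumption: pre-release lacks the fix
    return nums < fixed

def installed_version():
    """Version of the locally installed supervisor package, or None."""
    try:
        return metadata.version("supervisor")
    except metadata.PackageNotFoundError:
        return None

def audit(inventory):
    """Return the sorted host names whose supervisor version is affected."""
    return sorted(h for h, v in inventory.items() if is_affected(v))

# Constructed sample inventory (hypothetical host names).
SAMPLE = {"web-01": "3.3.1", "web-02": "3.3.3", "batch-01": "3.0",
          "ci-01": "3.1.4", "dev-01": "3.2.4.dev0", "new-01": "4.2.5"}

if __name__ == "__main__":
    print("affected hosts:", audit(SAMPLE))
    local = installed_version()
    if local:
        print("local:", local, "affected" if is_affected(local) else "not affected")
```

Patching removes the flaw itself; because the description requires an authenticated user, the XML-RPC interface's credentials and network exposure are worth reviewing on any host the audit flags.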