RCE in Redhat Gluster_storage

CVE-2015-5242

OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.012 (79.3th percentile) — read the EPSS interpretation.

Affected products

Redhat Gluster_storage — versions 3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2015:1918 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)