Security Advisory

CVE-2022-24552

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-06 20:18:25

Last updated 2024-08-03 04:13:56

Assigner mitre

State PUBLISHED

Description

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633.

← Browse all CVEs View on cve.org ↗