This repository has been archived by the owner on Sep 8, 2023. It is now read-only.

Security issues, Remote Command Execution Vulnerability #1011

Closed
WangYihang opened this issue Jul 25, 2017 · 18 comments

@WangYihang

A hacker can get demo.codiad.com server privileges through the vulnerability. I have sent you an email about that, but did not receive a reply. For more details, please contact my mailbox.

@brandenwagner
Contributor

brandenwagner commented Jul 25, 2017 via email

@cheiff
Member

cheiff commented Jul 25, 2017

Just wrote to your email.

@WangYihang
Author

WangYihang commented Jul 25, 2017

The details have been sent to your email. If you have any questions, then let's talk by Telegram :D

@WangYihang WangYihang changed the title Security issues, Remote Code Execution Vulnerability Security issues, Remote Command Execution Vulnerability Jul 25, 2017
@daeks
Contributor

daeks commented Jul 25, 2017

Looks like our email is dead...
Thanks to @cheiff for clarifying the details :)

@daeks daeks closed this as completed Jul 25, 2017
@cheiff
Member

cheiff commented Jul 25, 2017

And thanks to @WangYihang for reporting this.

@daeks
Contributor

daeks commented Jul 26, 2017

Anyhow, the demo project also needs to be updated :)

@cheiff
Member

cheiff commented Jul 26, 2017 via email

@WangYihang
Author

WangYihang commented Jul 26, 2017 via email

@cheiff
Member

cheiff commented Jul 26, 2017 via email

@WangYihang
Author

WangYihang commented Jul 26, 2017 via email

@cheiff
Member

cheiff commented Jul 26, 2017 via email

@cheiff
Member

cheiff commented Jul 26, 2017

OK, the demo server is patched. I have applied for the CVE; if it gets accepted, I will post it here.
I will write to the Bitnami people. If you know of other companies using Codiad, please write to them or send me their contact emails.

@WangYihang
Author

WangYihang commented Jul 27, 2017 via email

@beltran-rubo

Hi, Bitnami developer here. Thanks for posting the info. We are working on releasing a new Codiad version 2.8.4 today and we will publish a blog post as soon as you have a CVE assigned.

@WangYihang
Author

WangYihang commented Jul 27, 2017 via email

@beltran-rubo

Version 2.8.4 is already published in Bitnami.

@cheiff
Member

cheiff commented Aug 23, 2017

Hello,
we have finally received a CVE for this.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11366

@WangYihang
Author

WangYihang commented Aug 24, 2017 via email
