An issue exists in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows malicious users to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in order to escape the current command and execute arbitrary shell commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mitre caldera |