Description
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
https://github.com/ask/celery/pull/544
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46973
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50825
Patch x_refsource_confirm
https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt
Scores
EPSS
0.0035
EPSS Percentile
26.5%
Details
CWE
CWE-264
Status
published
Products (18)
celeryproject/celery
2.1.0
celeryproject/celery
2.2.0
celeryproject/celery
2.2.1
celeryproject/celery
2.2.2
celeryproject/celery
2.2.3
celeryproject/celery
2.2.4
celeryproject/celery
2.2.5
celeryproject/celery
2.2.6
celeryproject/celery
2.2.7
celeryproject/celery
2.3.0
... and 8 more
Published
Dec 05, 2011
Tracked Since
Feb 18, 2026