CVE-2014-3593

luci 0.26.0 - Authenticated Remote Code Execution via Cluster Configuration

Title source: llm
STIX 2.1

Description

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.

References (2)

Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=989005
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1390.html

Scores

EPSS 0.0136
EPSS Percentile 68.3%

Details

CWE
CWE-94
Status published
Products (1)
scientificlinux/luci 0.26.0
Published Oct 15, 2014
Tracked Since Feb 18, 2026