CVE-2024-24892

HIGH

openEuler migration-tools <1.0.1 - Command Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. This issue affects migration-tools: from 1.0.0 through 1.0.1.

References (2)

Core 2

Core References

Various Sources

https://gitee.com/src-openeuler/migration-tools/pulls/12

Various Sources

https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275

Scores

CVSS v3 8.1

EPSS 0.0092

EPSS Percentile 55.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-269 CWE-78

Status published

Products (1)

openEuler/migration-tools 1.0.0 - 1.0.1

Published Mar 25, 2024

Tracked Since Feb 18, 2026