← back
CVE-2021-42559

CVE-2021-42559

EPSS 2.0%
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42559-Command%20Injection%20Via%20Configurations-MITRE%20Calderahttps://github.com/mitre/caldera/releases