[Supervisor-users] Supervisor 3.3.3 Security Release

Mike Naberezny-2
CVE-2017-11610

A vulnerability has been found where an authenticated client can send a
malicious XML-RPC request to supervisord that will run arbitrary shell
commands on the server. The commands will be run as the same user as
supervisord.  Depending on how supervisord has been configured, this may be
root.  Supervisor 3.3.3 has been released to fix this vulnerability.  The fix
has also been backported to several older versions.  All users are advised to
upgrade.

Details:
https://github.com/Supervisor/supervisor/issues/964
_______________________________________________
Supervisor-users mailing list
[hidden email]
https://lists.supervisord.org/mailman/listinfo/supervisor-users