6.9
CVE-2011-4356
- EPSS 0.05%
- Published 05.12.2011 11:55:07
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- CVE-Watchlists
- Open
LoginCelery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.
Data is provided by the National Vulnerability Database (NVD)
Celeryproject ≫ Celery Version2.1.0
Celeryproject ≫ Celery Version2.2.0
Celeryproject ≫ Celery Version2.2.1
Celeryproject ≫ Celery Version2.2.2
Celeryproject ≫ Celery Version2.2.3
Celeryproject ≫ Celery Version2.2.4
Celeryproject ≫ Celery Version2.2.5
Celeryproject ≫ Celery Version2.2.6
Celeryproject ≫ Celery Version2.2.7
Celeryproject ≫ Celery Version2.3.0
Celeryproject ≫ Celery Version2.3.1
Celeryproject ≫ Celery Version2.3.2
Celeryproject ≫ Celery Version2.3.3
Celeryproject ≫ Celery Version2.4.0
Celeryproject ≫ Celery Version2.4.1
Celeryproject ≫ Celery Version2.4.2
Celeryproject ≫ Celery Version2.4.3
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.113 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|