Apcupsd 0.3.91 5 Cross Site Scripting Vulnerability

Summary

In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

Credit:

The information has been provided by  Jim Pingle

The original article can be found at: https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3


Details

Apcupsd is prone to a cross-site scripting vulnerability.This allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors.A remote attacker can use cross-site scripting(XSS) to send a hostile script to an unsuspicious user

Vulnerable Systems:

  • Apcupsd 0.3.91 5

CVE Information:

CVE-2019-12584

Disclosure Timeline:
Publish Date:06/02/2019

Categories: News