Remote Code Execution Vulnerability in OpenGrok by Oracle
CVE-2021-2322

8.8HIGH

Key Information:

Vendor: Oracle
Status: Opengrok
Vendor: CVE Published:; 23 June 2021

Summary

This security issue in OpenGrok allows a low-privileged attacker with network access via HTTPS to execute unauthorized commands, potentially leading to a complete takeover of the system. Users running versions 1.6.7 and prior are at risk of exploitation. By leveraging this vulnerability, attackers may achieve significant impacts on confidentiality, integrity, and availability of the affected systems. It is crucial for organizations using OpenGrok to apply necessary updates and mitigate possible threats.

Affected Version(s)

OpenGrok 1.6.7 and prior

References

https://www.oracle.com/security-alerts/oracle-open-source...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 23, 2021
Vulnerability Reserved
Dec 9, 2020