Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle HTTP Server Other Vulnerability (CVE-2021-41617)

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Remediation

References

Related Vulnerabilities

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0)

MediaWiki Use of Hard-coded Credentials Vulnerability (CVE-2012-4381)

MySQL CVE-2016-8283 Vulnerability (CVE-2016-8283)

WordPress Plugin Advanced Custom Fields:reCAPTCHA Field Security Bypass (1.1.1)

Severity

High

Classification

CVE-2021-41617 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities