Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-20821

Security issue: Remote Command Execution with Privileged Escalation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 13, 14, 15
    • Fix Version/s: None
    • Component/s: System Admin (Commercial), Userman
    • Labels:
      None
    • ToDo:

      Description

      FreePBX with the following versions(or less than) of the specified modules have the potential for remote command execution that can result in privileged escalation:

      < userman v13.0.76.43
      < userman v14.0.7
      < userman v15.0.20
      < sysadmin v13.0.92
      < sysadmin v14.0.38.3
      < sysadmin v15.0.13.6

      This has been fixed in:
      >= userman v13.0.76.44
      >= userman v14.0.8
      >= userman v15.0.21
      >= sysadmin v13.0.93
      >= sysadmin v14.0.38.4
      >= sysadmin v15.0.13.7

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                wmoon Walter Moon
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  NextupJiraPlusStatus

                  Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.