VYPR

Crowbar

by Dell

Source repositories

CVEs (3)

  • CVE-2012-0434Dec 2, 2013
    risk 0.00cvss epss 0.02

    The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.

  • CVE-2012-3551Sep 5, 2012
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.

  • CVE-2012-3537Sep 5, 2012
    risk 0.00cvss epss 0.01

    The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.