CVE-2016-1000003
critical
CVSS v3
9.8
CVSS v2
7.5
VIR risk
9.8
Description
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://github.com/fedora-infra/mirrormanager2/commit/eb9b542bc818071b9eee41c3583b7e6e172b3a53.patch
Vendor advisory: cve@mitre.org — https://github.com/fedora-infra/mirrormanager2/commit/2e227f6023477cbdbefd577f15d0846aa40c8775.patch
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mirror_manager_project | mirror_manager | up to and including 0.7.2 | |
References
- https://github.com/fedora-infra/mirrormanager2/commit/2e227f6023477cbdbefd577f15d0846aa40c8775.patch
- https://github.com/fedora-infra/mirrormanager2/commit/eb9b542bc818071b9eee41c3583b7e6e172b3a53.patch
CWEs
CWE-94