This repository has been archived by the owner on Apr 23, 2020. It is now read-only.
Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. #389
Comments
|
To date, we have not received a response or maintainer Exhibitor Web UI. Please provide information on anyone handling security issues. |
|
To date, we have not received a response and will plan for public disclosure of the reported security issue. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hello,
The Cisco Talos team found a security vulnerability affecting Exhibitor Web UI. As this is a sensitive security issue, this email is to request a PGP key for further communication. An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1.
Is there a maintainer that can assist with resolution for this issue? Please provide email address and PGP so detailed report can be sent over or advise if there's a private repository to supply the information.
Please CC vulndev@cisco.com on all correspondence related to this issue.
For further information about the Cisco Vendor Vulnerability Reporting and Disclosure Policy please refer to this document which also links to our public PGP key. https://tools.cisco.com/security/center/resources/vendor_vulnerability_policy.html
The text was updated successfully, but these errors were encountered: