@matrix9180 @pixelfed lucky not a vulnerability that gives you shell access as far as I know.
@thisismissem @matrix9180 @pixelfed I'm curious how the CVE score is so high without RCE possibilities? Escalation of privileges is usually in the 5-6ish range.

@nil @thisismissem @pixelfed yeah, something is fishy... Critical is usually reserved for "oops all root access on the host" vulns...

@matrix9180 @nil @pixelfed that's how it was scored by the GitHub score calculator. https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf

@thisismissem @matrix9180 @pixelfed huh. TIL what's in the CVE score: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator At least the base score.

@nil @thisismissem @pixelfed yep, but I suppose it could be that high because it maybe exposes everyone's info. Going to get some rest but I'll probably see what they fixed and go from there lol

@nil @matrix9180 @pixelfed so yeah, base score is 9.9, though NIST's calculator is more explanatory than GitHub's; overall score ended up being 8.4 with all the other factors.
@thisismissem @pixelfed that's good at least. Still enough access to set a global notice to everyone that their instance hasn't been upgraded and has been compromised and is still vulnerable. And urge them to pester their admins until it happens...