CVE-2022-37425

Summary

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion.

Affected Software

VendorProductVersion RangeStatus
n/an/an/aaffected

Weaknesses

  • n/a

Workarounds

Do not allow regular users to use the FILES directive inside their VM templates, instead set up a context files datastore, and allow users to upload and reference their files from that datastore, using the FILES_DS directive.

ADP Enrichment

CVE Program Container

Additional References

References