{"containers": {"cna": {"affected": [{"product": "Fluentd", "vendor": "Cloud Native Computing Foundation (CNCF)", "versions": [{"status": "affected", "version": "0.12.29 through 0.12.40"}]}], "datePublic": "2017-12-08T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Escape Sequence Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-20T09:57:01.000Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "RHSA-2018:2225", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2225"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/fluent/fluentd/pull/1733"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-10906", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fluentd", "version": {"version_data": [{"version_value": "0.12.29 through 0.12.40"}]}}]}, "vendor_name": "Cloud Native Computing Foundation (CNCF)"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escape Sequence Injection"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:2225", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2225"}, {"name": "https://jvn.jp/en/vu/JVNVU95124098/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"}, {"name": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes", "refsource": "CONFIRM", "url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"}, {"name": "https://github.com/fluent/fluentd/pull/1733", "refsource": "CONFIRM", "url": "https://github.com/fluent/fluentd/pull/1733"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:50:12.579Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:2225", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2225"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/fluent/fluentd/pull/1733"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-10906", "datePublished": "2017-12-08T15:00:00.000Z", "dateReserved": "2017-07-04T00:00:00.000Z", "dateUpdated": "2024-08-05T17:50:12.579Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.29:*:*:*:*:*:*:*", "matchCriteriaId": "E239F1C0-FF43-4BAA-9D5B-3B7E9FEA327C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.30:*:*:*:*:*:*:*", "matchCriteriaId": "2086C8D1-DDC8-4074-95E5-82865839DCA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.31:*:*:*:*:*:*:*", "matchCriteriaId": "8BC7FD40-1F7D-4A02-98DC-08A076DDD927", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.32:*:*:*:*:*:*:*", "matchCriteriaId": "93F62B56-8953-4EE8-94B8-64E354EC60D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.33:*:*:*:*:*:*:*", "matchCriteriaId": "ABC5C48D-08B0-4477-AB11-168429985D3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.34:*:*:*:*:*:*:*", "matchCriteriaId": "46F12BEC-8EDE-47B2-ADBF-EAF5FDB56E19", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.35:*:*:*:*:*:*:*", "matchCriteriaId": "E27DE234-F139-4964-A0C2-6AFEB48E3712", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "4257D676-4D0B-4470-BEA6-437CE56DF3FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.37:*:*:*:*:*:*:*", "matchCriteriaId": "35209FD8-F148-446B-8FE9-36AD908D9A91", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.38:*:*:*:*:*:*:*", "matchCriteriaId": "6DCDBCBA-8F48-47E0-8E04-D69890CAC887", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.39:*:*:*:*:*:*:*", "matchCriteriaId": "5D3BAA6D-4AB9-4323-A799-D5B2DAA65785", "vulnerable": true}, {"criteria": "cpe:2.3:a:fluentd:fluentd:0.12.40:*:*:*:*:*:*:*", "matchCriteriaId": "D89D4AAD-EE06-4485-A2F7-04B8222B6968", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de secuencias de escape en Fluentd en las versiones 0.12.29 hasta la 0.12.40 podr\u00eda permitir que un atacante cambie la interfaz de usuario del terminal o ejecute comandos arbitrarios en el dispositivo mediante vectores sin especificar."}], "id": "CVE-2017-10906", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-08T15:29:00.260", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2225"}, {"source": "vultures@jpcert.or.jp", "tags": ["Issue Tracking", "Release Notes", "Third Party Advisory"], "url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"}, {"source": "vultures@jpcert.or.jp", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/fluent/fluentd/pull/1733"}, {"source": "vultures@jpcert.or.jp", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2225"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Release Notes", "Third Party Advisory"], "url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/fluent/fluentd/pull/1733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:2225", "cpe": "cpe:/a:redhat:openstack-optools:13::el7", "package": "fluentd-0:0.12.41-1.el7", "product_name": "Red Hat OpenStack Platform 13.0 Operational Tools for RHEL 7", "release_date": "2018-07-19T00:00:00Z"}], "bugzilla": {"description": "fluentd: Escape sequence injection in filter_parser.rb:filter_stream can lead to arbitrary command execution when processing logs", "id": "1524783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524783"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-138", "details": ["Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."], "name": "CVE-2017-10906", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3", "fix_state": "Affected", "package_name": "fluentd", "product_name": "Red Hat OpenShift Enterprise 3"}, {"cpe": "cpe:/a:redhat:openstack-optools:10", "fix_state": "Will not fix", "package_name": "fluentd", "product_name": "Red Hat OpenStack Platform 10 (Newton) Operational Tools"}, {"cpe": "cpe:/a:redhat:openstack-optools:11", "fix_state": "Will not fix", "package_name": "fluentd", "product_name": "Red Hat OpenStack Platform 11 (Ocata) Operational Tools"}, {"cpe": "cpe:/a:redhat:openstack-optools:12", "fix_state": "Will not fix", "package_name": "fluentd", "product_name": "Red Hat OpenStack Platform 12 (Pike) Operational Tools"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Will not fix", "package_name": "fluentd", "product_name": "Red Hat Virtualization 4"}], "public_date": "2017-11-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-10906\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10906"], "statement": "This flaw requires particular preconditions to be exploitable, which are not common in supported deployments of fluentd. The vulnerable system must have all of:\n1. A filter_parser enabled in fluentd.conf\n2. Fluentd running in non-daemon mode or a bad syslog server that doesn't sanitise escape sequences (rsyslog does)\n3. A vulnerable terminal that happens to be running fluentd or manipulating the fluentd log file (for example tailing it)\nThis issue affects the versions of fluentd as shipped with Red Hat OpenShift Enterprise 3. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}

{}