OESA-2024-1292

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1292

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-1292.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2024-1292

Upstream

CVE-2024-24899

Published

2024-03-15T11:07:13Z

Modified

2025-09-03T06:20:05.638624Z

Summary

aops-zeus security update

Details

A host and user manager service which is the foundation of aops.

Security Fix(es):

In aops-zeus software versions 1.2.0~1.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be executed on the remote host, which may cause the remote host system to crash, suffering serious consequences of security threats and losses.(CVE-2024-24899)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / aops-zeus

Package

Name: aops-zeus
Purl: pkg:rpm/openEuler/aops-zeus&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

v1.3.1-6.oe2003sp4

Ecosystem specific

{
    "x86_64": [
        "aops-zeus-v1.3.1-6.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "aops-zeus-v1.3.1-6.oe2003sp4.src.rpm"
    ],
    "aarch64": [
        "aops-zeus-v1.3.1-6.oe2003sp4.aarch64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2024-1292.json"