Candidate: CVE-2020-13124
PublicDate: 2020-08-11 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13124
 https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2
 https://github.com/sabnzbd/sabnzbd/commit/dfcba6e2fb37f58fea06b453b1ba258c7f110429
 https://github.com/sabnzbd/sabnzbd/commit/73d3f7b5c248fc369de3454fe53e3e93924ebfe3
Description:
 SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the
 web configuration interface that permits an authenticated user to execute
 arbitrary Python commands on the underlying operating system.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_sabnzbdplus:
upstream_sabnzbdplus: needs-triage
precise/esm_sabnzbdplus: DNE
trusty_sabnzbdplus: ignored (out of standard support)
trusty/esm_sabnzbdplus: DNE
xenial_sabnzbdplus: ignored (end of standard support, was needs-triage)
bionic_sabnzbdplus: needs-triage
focal_sabnzbdplus: needs-triage
groovy_sabnzbdplus: ignored (reached end-of-life)
hirsute_sabnzbdplus: ignored (reached end-of-life)
impish_sabnzbdplus: needs-triage
jammy_sabnzbdplus: needs-triage
devel_sabnzbdplus: needs-triage