CVE-2017-11610

HIGH

8.8

CVSS Severity Score

EPSS Score0.1390%

EPSS Percentile36.93th

PublishedAug 23, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Affected Platforms (CPE)

📦

Supervisord

Supervisor

<= 3.0

📦

Supervisord

Supervisor

= 3.1.0

📦

Supervisord

Supervisor

= 3.1.1

📦

Supervisord

Supervisor

= 3.1.2

📦

Supervisord

Supervisor

= 3.1.3

📦

Supervisord

Supervisor

= 3.2.0

📦

Supervisord

Supervisor

= 3.2.1

📦

Supervisord

Supervisor

= 3.2.2

📦

Supervisord

Supervisor

= 3.2.3

📦

Supervisord

Supervisor

= 3.3.0

📦

Supervisord

Supervisor

= 3.3.1

📦

Supervisord

Supervisor

= 3.3.2

💻

Fedoraproject

Fedora

= 24

💻

Fedoraproject

Fedora

= 25

💻

Fedoraproject

Fedora

= 26

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

📦

Redhat

Cloudforms

= 4.5

References & Advisories

🔗 http://www.debian.org/security/2017/dsa-3942

🔗 https://access.redhat.com/errata/RHSA-2017:3005

🔗 https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt

🔗 https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt

🔗 https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt

🔗 https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt

🔗 https://github.com/Supervisor/supervisor/issues/964

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/

Vulnerability Description

Affected Platforms (CPE)

Supervisor

Supervisor

Supervisor

Supervisor

Supervisor

Supervisor

Supervisor

Supervisor

Supervisor

Supervisor

Supervisor

Supervisor

Fedora

Fedora

Fedora

Debian Linux

Debian Linux

Cloudforms

References & Advisories

Related Vulnerabilities