Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.
References
Link | Resource |
---|---|
http://zepl.com | Product Vendor Advisory |
https://seclists.org/fulldisclosure/2022/Feb/32 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-25T19:43:22
Updated: 2022-02-26T04:10:59
Reserved: 2021-10-25T00:00:00
Link: CVE-2021-42952
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-25T20:15:08.210
Modified: 2022-03-08T16:06:39.503
Link: CVE-2021-42952
JSON object: View
Redhat Information
No data.
CWE