CVE-2026-32102
MEDIUM 6.5
Description
OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.
CVE Details
CVSS v3.1 Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 3/11/2026
Last Modified: 3/17/2026
Source: nvd
Honeypot Observations: 0
Affected Products
olivetin:olivetin
Weaknesses (CWE)
CWE-284, CWE-863
References
https://github.com/OliveTin/OliveTin/security/advisories/GHSA-228v-wc5r-j8m7 (security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.