Red Hat Security Advisory 2017-3005-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. The following packages have been upgraded to a later upstream version: ansible-tower, cfme, cfme-appliance, cfme-gemset, rabbitmq-server, rh-ruby23-rubygem-nokogiri, supervisor.
5d6f2f797bc66745530e056e45966de331b7f4a4d539e9494b41c8fdfc0f84eb
This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. This vulnerability can only be exploited by an authenticated client, or if supervisord has been configured to run an HTTP server without authentication. This vulnerability affects versions 3.0a1 to 3.3.2.
99930294bef23f9b9d84c06aa2386d0ad63e5b162e9d0bb0cd32b041027c9f56
Gentoo Linux Security Advisory 201709-6 - A vulnerability in Supervisor might allow remote attackers to execute arbitrary code. Versions earlier than 3.1.4 are affected.
011635b68c958f5be57da423de709d013640427b9a3499edbe27530caffc4ba2