Skip to content

Commit 1f76eee

Browse files
jasnowRubySec CI
jasnow
authored and
RubySec CI
committed
Updated advisory posts against rubysec/ruby-advisory-db@8545da5 
1 parent df9d3c6 commit 1f76eee

File tree

1 file changed

+31
-0
lines changed

1 file changed

+31
-0
lines changed

advisories/_posts/2026-02-27-CVE-2026-0980.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2026-0980 (rubyipmi): rubyipmi is vulnerable to OS Command Injection through
4+
malicious usernames'
5+
comments: false
6+
categories:
7+
- rubyipmi
8+
advisory:
9+
gem: rubyipmi
10+
cve: 2026-0980
11+
ghsa: hfcp-477w-3wjw
12+
url: https://access.redhat.com/security/cve/CVE-2026-0980
13+
title: rubyipmi is vulnerable to OS Command Injection through malicious usernames
14+
date: 2026-02-27
15+
description: |
16+
A flaw was found in rubyipmi, a gem used in the Baseboard Management
17+
Controller (BMC) component of Red Hat Satellite. An authenticated
18+
attacker with host creation or update permissions could exploit this
19+
vulnerability by crafting a malicious username for the BMC interface.
20+
This could lead to remote code execution (RCE) on the system.
21+
cvss_v3: 8.3
22+
patched_versions:
23+
- ">= 0.13.0"
24+
related:
25+
url:
26+
- https://nvd.nist.gov/vuln/detail/CVE-2026-0980
27+
- https://access.redhat.com/security/cve/CVE-2026-0980
28+
- https://bugzilla.redhat.com/show_bug.cgi?id=2429874
29+
- https://github.com/logicminds/rubyipmi/commit/252503a7b4dca68388165883b0322024e344a215
30+
- https://github.com/advisories/GHSA-hfcp-477w-3wjw
31+
---

0 commit comments

Comments
 (0)