CVE-2024-41961

Elektra vulnerable to remote code execution in universal search

Description

Elektra is an opinionated OpenStack dashboard for operators and consumers of OpenStack services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code; the term later reaches an `eval` sink, which executes the injected code server-side in the application process. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.
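To make the bug class concrete, here is an added illustration in Ruby of the pattern the description names: a user-supplied search term interpolated into a string that is handed to `eval`, shown beside a hardened version that treats the term purely as data. This is example code written for this page, not Elektra's source and not the content of the fix commit; the catalog, function names and payload are all constructed.

```ruby
# Added illustration of an eval-injection search endpoint (not Elektra's code).
# All names and data below are hypothetical.

# Constructed sample "catalog" standing in for the objects a live search filters.
CATALOG = [
  { name: 'web-server-01', type: 'server' },
  { name: 'db-volume',     type: 'volume' },
  { name: 'admin-network', type: 'network' },
].freeze

# Vulnerable pattern: the user-controlled term is spliced into a Ruby
# expression string and handed to eval. Anything after a closing quote in the
# term is parsed and executed as Ruby with the application's privileges.
def vulnerable_search(term)
  CATALOG.select { |item| eval("item[:name].include?('#{term}')") }
end

# Hardened pattern: no dynamic code at all; the term is only ever a String
# argument to include?, so quotes and semicolons have no special meaning.
def safe_search(term)
  needle = term.to_s
  CATALOG.select { |item| item[:name].include?(needle) }
end

# Constructed payload: closes the string literal, runs an attacker statement,
# then reopens a literal so the whole eval string stays syntactically valid:
#   item[:name].include?('') ; $injected = true ; ('')
PAYLOAD = "') ; $injected = true ; ('"

# Runs the payload through the vulnerable path and reports whether the injected
# statement executed and how many rows the search returned. Returns [true, 3]
# because the trailing ('') is truthy, so every row is selected.
def demo_vulnerable
  $injected = false
  hits = vulnerable_search(PAYLOAD)
  [$injected, hits.size]
end

# Same payload through the hardened path: the term is just a string that no
# catalog name contains, so nothing matches and nothing executes.
def demo_safe
  $injected = false
  hits = safe_search(PAYLOAD)
  [$injected, hits.size]
end

if __FILE__ == $PROGRAM_NAME
  puts "benign query  : #{safe_search('web').map { |i| i[:name] }.inspect}"
  puts "vulnerable    : #{demo_vulnerable.inspect}"
  puts "hardened      : #{demo_safe.inspect}"
end
```

When auditing a Rails application for this class of bug, search the request-handling code for `eval`, `instance_eval`, `class_eval` and `send` with non-literal arguments, then trace whether any `params` value can reach them; the fix is to remove the dynamic evaluation rather than to filter characters out of the input, since a balanced payload like the one above needs nothing more exotic than a quote and a semicolon.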

CVSS 3.1 base score: 9.6 (Critical)
EPSS: 0.23%
Affected: sapcc elektra

Frequently Asked Questions

What is the severity of CVE-2024-41961?
CVE-2024-41961 has been scored as a critical severity vulnerability.
How to fix CVE-2024-41961?
To fix CVE-2024-41961, upgrade to a version of Elektra that includes commit 8bce00be93b95a6512ff68fe86bf9554e486bc02, checking the vendor release notes for the first release that contains it. No other specific mitigation guidelines are available at this time.
Is CVE-2024-41961 being actively exploited in the wild?
At this time there is no information confirming that CVE-2024-41961 is being actively exploited. Its EPSS score of 0.23% corresponds to a probability of roughly 0.2% that this vulnerability will be exploited in the next 30 days.
What software or system is affected by CVE-2024-41961?
CVE-2024-41961 affects sapcc elektra (the Elektra OpenStack dashboard).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.