Tag

Script-Runner

1 brief RSS

OpenC3 COSMOS Script Runner Permissions Bypass

The OpenC3 COSMOS Script Runner widget allows authenticated users to bypass API permissions checks and execute administrative actions by running specially crafted Python and Ruby scripts, leading to data manipulation and privilege escalation.

openc3 cosmos script-runner permissions-bypass privilege-escalation

2r 1t Nov 8, 2024