Vulnerabilities > CVE-2021-42952 - Unspecified vulnerability in Zepl

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

zepl

NVD

Published: 2022-02-25

Updated: 2022-03-08

Summary

Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.

Vulnerable Configurations

Part	Description	Count
Application	Zepl Zepl Zepl *	1

References

http://zepl.com
https://seclists.org/fulldisclosure/2022/Feb/32