Hello
https://vuldb.com/?id.237695
Does proxmox use the rocker device in any way or are we safe from this? Or can this bug be exploited even if we do not add such a rocker device ?
I couldn't find much information about it, but it seems to be high-severity.
Thank you
Thank you very much!
Do you know if there are any other planned changes to this function, as parameters? As it's a breaking change from 7 to 8 and the new implementation will create a lot of issues in existing libraries.
It might be better to deprecate the command parameter and create a new...
In theory, it's a single array called command, that's how it's normally done when sending a POST with urlencode data.
The exact JSON counterpart of the above request is {"command":["\/bin\/bash","\/tmp\/myscript"]} , but sending it as JSON will require modifying all existing Proxmox libraries...
Thank you for the reply!
With curl, it should be something like this:
curl -sSk -H 'Authorization: PVEAPIToken=TOKEN' -X POST --data command[]="/bin/bash" --data command[]="/tmp/myscript" https://HOST:8006/api2/json/nodes/NODE/qemu/100/agent/exec
But it returns the same error as with my...
Hello
I have noticed that in Proxmox 8, the <command> parameter for the API call POST /api2/json/nodes/{node}/qemu/{vmid}/agent/exec has been changed from <string> to <array> in the format: [string, ...]
Does anyone have a working example with the new format?
I have tried to send it as...
Hello
Does anyone know if proxmox is vulnerable to CVE-2023-0330 and if there are any patches?
It seems to be affecting the lsi53c895a scsi controller on qemu 7.2.0.
Would simply switching to virtio-scsi be enough to mitigate this?
https://cve.report/CVE-2023-0330
Thank you very much for the reply!
It's a mistake I did as I added a node to the cluster which had only lvm-thin storages, and when I added the zfs storage in the cluster for the specific node, I left it on the default rpool. Not sure If I should transfer the VMs from it and reinstall or leave...
Hello
Are there any risks or possible issues if we use directly the rpool zfs pool for the VMs, instead of the rpool/DATA as it is by default?
Thank you
Thank you very much!
Doesn't "potentially execute arbitrary code within the context of the QEMU process" mean they could execute code on the host, as the qemu process runs as root?
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.