{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52336", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-11-08T13:09:39.004Z", "datePublished": "2024-11-26T15:21:13.518Z", "dateUpdated": "2025-02-03T19:52:18.467Z"}, "containers": {"cna": {"title": "Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."}], "affected": [{"versions": [{"status": "affected", "version": "2.23.0", "lessThan": "2.24.1", "versionType": "semver"}], "packageName": "tuned", "collectionURL": "https://github.com/redhat-performance/tuned", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "affected", "versions": [{"version": "0:2.24.0-2.1.20240819gitc082797f.el8fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "affected", "versions": [{"version": "0:2.24.0-2.1.20240819gitc082797f.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "affected", "versions": [{"version": "0:2.24.0-2.el9_5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::sap_hana", "cpe:/a:redhat:enterprise_linux:9::sap"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "affected", "versions": [{"version": "0:2.24.0-2.el9_5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::sap_hana", "cpe:/a:redhat:enterprise_linux:9::sap"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:10384", "name": "RHSA-2024:10384", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0879", "name": "RHSA-2025:0879", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0880", "name": "RHSA-2025:0880", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-52336", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324540", "name": "RHBZ#2324540", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}, {"url": "https://www.openwall.com/lists/oss-security/2024/11/28/1"}], "datePublic": "2024-11-26T12:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-269: Improper Privilege Management", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-11-08T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-26T12:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-03T19:52:18.467Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-26T16:22:02.290977Z", "id": "CVE-2024-52336", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T16:22:12.371Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-29T04:32:53.450Z"}, "references": [{"url": "https://www.openwall.com/lists/oss-security/2024/11/28/2"}, {"url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.openwall.com/lists/oss-security/2024/11/28/2"}, {"url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-29T04:32:53.450Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52336", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-26T16:22:02.290977Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T16:22:09.209Z"}}], "cna": {"title": "Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root", "credits": [{"lang": "en", "value": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "2.23.0", "lessThan": "2.24.1", "versionType": "semver"}], "packageName": "tuned", "collectionURL": "https://github.com/redhat-performance/tuned", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:2.24.0-2.1.20240819gitc082797f.el8fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.24.0-2.1.20240819gitc082797f.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::sap_hana", "cpe:/a:redhat:enterprise_linux:9::sap"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.24.0-2.el9_5", "lessThan": "*", "versionType": "rpm"}], "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::sap_hana", "cpe:/a:redhat:enterprise_linux:9::sap"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.24.0-2.el9_5", "lessThan": "*", "versionType": "rpm"}], "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-11-08T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-26T12:00:00+00:00", "value": "Made public."}], "datePublic": "2024-11-26T12:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:10384", "name": "RHSA-2024:10384", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0879", "name": "RHSA-2025:0879", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0880", "name": "RHSA-2025:0880", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-52336", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324540", "name": "RHBZ#2324540", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}, {"url": "https://www.openwall.com/lists/oss-security/2024/11/28/1"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "Improper Privilege Management"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-03T19:52:18.467Z"}, "x_redhatCweChain": "CWE-269: Improper Privilege Management"}}, "cveMetadata": {"cveId": "CVE-2024-52336", "state": "PUBLISHED", "dateUpdated": "2025-02-03T19:52:18.467Z", "dateReserved": "2024-11-08T13:09:39.004Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-11-26T15:21:13.518Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de scripts en el paquete Tuned. La funci\u00f3n `instance_create()` de D-Bus puede ser invocada por usuarios que hayan iniciado sesi\u00f3n localmente sin autenticaci\u00f3n. Esta falla permite que un usuario local sin privilegios ejecute una llamada de D-Bus con opciones `script_pre` o `script_post` que permiten pasar scripts arbitrarios con sus rutas absolutas. Estos scripts o programas ejecutables controlados por el usuario o el atacante podr\u00edan ser ejecutados por Tuned con privilegios de superusuario, lo que podr\u00eda permitir a los atacantes una escalada de privilegios local."}], "id": "CVE-2024-52336", "lastModified": "2025-02-03T20:15:33.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-11-26T16:15:17.093", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:10384"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0879"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0880"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-52336"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324540"}, {"source": "secalert@redhat.com", "url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}, {"source": "secalert@redhat.com", "url": "https://www.openwall.com/lists/oss-security/2024/11/28/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openwall.com/lists/oss-security/2024/11/28/2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2025:0880", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "tuned-0:2.24.0-2.1.20240819gitc082797f.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2025:0879", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2024:10384", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "tuned-0:2.24.0-2.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-26T00:00:00Z"}, {"advisory": "RHSA-2024:10384", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "tuned-0:2.24.0-2.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-26T00:00:00Z"}], "bugzilla": {"description": "tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root", "id": "2324540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324540"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-269", "details": ["A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.", "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-52336", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "tuned", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "tuned", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tuned", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "tuned", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-11-26T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-52336\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-52336\nhttps://security.opensuse.org/2024/11/26/tuned-instance-create.html\nhttps://www.openwall.com/lists/oss-security/2024/11/28/1"], "statement": "The `instance_create()` D-Bus method has been added via upstream commit cddcd233 and was first part of version tag v2.23.0. Hence, versions of Tuned before 2.23.0 are unaffected. Also, note that the initial versions already contained support for the script option parameters and the `instance_name` parameter.", "threat_severity": "Important"}