exploitDog

CVE-2021-33831

Опубликовано: 07 сент. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds.

Ссылки

https://github.com/lanmarc77/CVE-2021-33831
Third Party Advisory
https://www.th-wildau.de/studieren-weiterbilden/neuigkeiten-und-veranstaltungen/corona/
Vendor Advisory
https://github.com/lanmarc77/CVE-2021-33831
Third Party Advisory
https://www.th-wildau.de/studieren-weiterbilden/neuigkeiten-und-veranstaltungen/corona/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:th-wildau:covid-19_contact_tracing:*:*:*:*:*:*:*:*

Версия до 2021-09-01 (включая)

EPSS

Процентиль: 92%

0.0803

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

GHSA-5mj3-rrxf-hqrv

CVSS3: 6.5

github

больше 3 лет назад

api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds.

EPSS

Процентиль: 92%

0.0803

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-770