Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-37940

Опубликовано: 07 дек. 2021
Источник: nvd
CVSS3: 6.8
CVSS2: 4
EPSS Низкий

Описание

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:elastic:enterprise_search:*:*:*:*:*:*:*:*
Версия до 7.16.0 (исключая)

EPSS

Процентиль: 51%
0.00282
Низкий

6.8 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918
CWE-918

Связанные уязвимости

github логотип

GHSA-xj2x-h5m7-w8gv

github
около 4 лет назад

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.

EPSS

Процентиль: 51%
0.00282
Низкий

6.8 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918
CWE-918