exploitDog

CVE-2021-39165

Published: 26 Aug 2021
Source: nvd
CVSS3: 8.1
CVSS3: 6.5
CVSS2: 5
EPSS: High

Description

Cachet is an open source status page. Cachet versions up to and including 2.3.18 contain a SQL injection in SearchableTrait#scopeSearch(). Unauthenticated attackers can use this vulnerability to exfiltrate sensitive data from the database, such as the administrator's password and session. The original Cachet repository, https://github.com/CachetHQ/Cachet, is not active; the stable version 2.3.18 and its development 2.4 branch are affected.

Vulnerable configurations

Configuration 1
cpe:2.3:a:chachethq:cachet:*:*:*:*:*:*:*:*
Version before 2.3.18 (excluding)

EPSS

Percentile: 100%
0.8938
High

8.1 High

CVSS3

6.5 Medium

CVSS3

5 Medium

CVSS2

Weaknesses

CWE-89

Related vulnerabilities

CVSS3: 8.1
debian
more than 4 years ago

Cachet is an open source status page. With Cachet prior to and includi ...

CVSS3: 8.1
github
more than 4 years ago

Unauthenticated SQL Injection in Cachet