CVE-2021-39172

Опубликовано: 27 авг. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving UpdateConfigCommandHandler and preventing the use of new lines characters in new configuration values. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.

Ссылки

https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection/
Exploit
Third Party Advisory
https://github.com/fiveai/Cachet/releases/tag/v2.5.1
Release Notes
Third Party Advisory
https://github.com/fiveai/Cachet/security/advisories/GHSA-9jxw-cfrh-jxq6
Third Party Advisory
https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection/
Exploit
Third Party Advisory
https://github.com/fiveai/Cachet/releases/tag/v2.5.1
Release Notes
Third Party Advisory
https://github.com/fiveai/Cachet/security/advisories/GHSA-9jxw-cfrh-jxq6
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:catchethq:catchet:*:*:*:*:*:*:*:*

Версия до 2.5.1 (исключая)

EPSS

Процентиль: 98%

0.57897

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-93

Связанные уязвимости

CVE-2021-39172

CVSS3: 8.8

debian

больше 4 лет назад

Cachet is an open source status page system. Prior to version 2.5.1, a ...

GHSA-9jxw-cfrh-jxq6

CVSS3: 8.8

github

больше 4 лет назад

Cachet vulnerable to new line injection during configuration edition

EPSS

Процентиль: 98%

0.57897

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-93