CVE-2021-39174

Опубликовано: 28 авг. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (APP_KEY) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving UpdateConfigCommandHandler and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.

Ссылки

https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection/
Exploit
Third Party Advisory
https://github.com/fiveai/Cachet/releases/tag/v2.5.1
Release Notes
Third Party Advisory
https://github.com/fiveai/Cachet/security/advisories/GHSA-88f9-7xxh-c688
Third Party Advisory
https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection/
Exploit
Third Party Advisory
https://github.com/fiveai/Cachet/releases/tag/v2.5.1
Release Notes
Third Party Advisory
https://github.com/fiveai/Cachet/security/advisories/GHSA-88f9-7xxh-c688
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:catchethq:catchet:*:*:*:*:*:*:*:*

Версия до 2.5.1 (исключая)

EPSS

Процентиль: 97%

0.45357

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-75

Связанные уязвимости

CVE-2021-39174

CVSS3: 8.8

debian

больше 4 лет назад

Cachet is an open source status page system. Prior to version 2.5.1, a ...

GHSA-88f9-7xxh-c688

CVSS3: 8.8

github

больше 4 лет назад

Cachet configuration leak

EPSS

Процентиль: 97%

0.45357

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-75