exploitDog

CVE-2021-4406

Опубликовано: 10 июл. 2023

Источник: nvd

CVSS3: 9.1

CVSS3: 7.2

EPSS Низкий

Описание

An authenticated attacker is able to create alerts that trigger a stored XSS attack.

POC

go to the alert manager
open the ITSM tab
add a webhook with the URL/service token value

' -h && id | tee /tmp/ttttttddddssss #' (whitespaces are tab characters)

click add
click apply
create a test alert
The test alert will run the command

“id | tee /tmp/ttttttddddssss” as root.

after the test alert inspect

/tmp/ttttttddddssss it'll contain the ids of the root user.

Ссылки

https://csirt.divd.nl/CVE-2021-4406
Third Party Advisory
https://csirt.divd.nl/DIVD-2021-00020/
https://www.osnexus.com/products/software-defined-storage
Product
https://csirt.divd.nl/CVE-2021-4406
Third Party Advisory
https://www.divd.nl/DIVD-2021-00020
https://www.osnexus.com/products/software-defined-storage
Product
https://csirt.divd.nl/cves/CVE-2021-4406/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:*

Версия до 6.0.0.355 (исключая)

EPSS

Процентиль: 34%

0.00138

Низкий

9.1 Critical

CVSS3

7.2 High

CVSS3

Дефекты

CWE-77

CWE-77

Связанные уязвимости

GHSA-2xf9-j9jw-g7f7

CVSS3: 9.1

github

больше 2 лет назад

An administrator is able to execute commands as root via the alerts management dialog

EPSS

Процентиль: 34%

0.00138

Низкий

9.1 Critical

CVSS3

7.2 High

CVSS3

Дефекты

CWE-77

CWE-77