CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVE-2021-38540 (GCVE-0-2021-38540)
Vulnerability from cvelistv5 – Published: 2021-09-09 15:05 – Updated: 2024-08-04 01:44
CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://lists.apache.org/thread.html/rb34c3dd1a81… | x_refsource_MISC |
| https://lists.apache.org/thread.html/rac2ed9118f6… | mailing-list, x_refsource_MLIST |
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache Airflow | Affected: Apache Airflow, < 2.1.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E"
},
{
"name": "[announce] 20210909 CVE-2021-38540: Apache Airflow: Variable Import endpoint missed authentication check",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rac2ed9118f64733e47b4f1e82ddc8c8020774698f13328ca742b03a2%40%3Cannounce.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.1.3",
"status": "affected",
"version": "Apache Airflow",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Airflow would like to thank Nathan Jones, National Australia Bank\u2019s Offensive Security Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "The variable import endpoint was not protected by authentication in Airflow \u003e=2.0.0, \u003c2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow \u003e=2.0.0, \u003c2.1.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T19:06:12.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E"
},
{
"name": "[announce] 20210909 CVE-2021-38540: Apache Airflow: Variable Import endpoint missed authentication check",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rac2ed9118f64733e47b4f1e82ddc8c8020774698f13328ca742b03a2%40%3Cannounce.apache.org%3E"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Airflow: Variable Import endpoint missed authentication check",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to Apache Airflow \u003e=2.1.3"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-38540",
"STATE": "PUBLIC",
"TITLE": "Apache Airflow: Variable Import endpoint missed authentication check"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Airflow",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache Airflow",
"version_value": "2.1.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Airflow would like to thank Nathan Jones, National Australia Bank\u2019s Offensive Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The variable import endpoint was not protected by authentication in Airflow \u003e=2.0.0, \u003c2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow \u003e=2.0.0, \u003c2.1.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E"
},
{
"name": "[announce] 20210909 CVE-2021-38540: Apache Airflow: Variable Import endpoint missed authentication check",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rac2ed9118f64733e47b4f1e82ddc8c8020774698f13328ca742b03a2@%3Cannounce.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Upgrade to Apache Airflow \u003e=2.1.3"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-38540",
"datePublished": "2021-09-09T15:05:09.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39167 (GCVE-0-2021-39167)
Vulnerability from cvelistv5 – Published: 2021-08-26 23:35 – Updated: 2024-08-04 01:58
CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://github.com/OpenZeppelin/openzeppelin-cont… | x_refsource_MISC |
| https://github.com/OpenZeppelin/openzeppelin-cont… | x_refsource_MISC |
| https://github.com/OpenZeppelin/openzeppelin-cont… | x_refsource_CONFIRM |
| Vendor | Product | Version |
|---|---|---|
| OpenZeppelin | openzeppelin-contracts | Affected: >=4.0.0, < 4.3.1; Affected: >=3.3.0, < 3.4.2; Affected: >= 3.3.0-solc-0.7, < 3.4.2-solc-0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openzeppelin-contracts",
"vendor": "OpenZeppelin",
"versions": [
{
"status": "affected",
"version": "\u003e=4.0.0, \u003c 4.3.1"
},
{
"status": "affected",
"version": "\u003e=3.3.0, \u003c 3.4.2"
},
{
"status": "affected",
"version": "\u003e= 3.3.0-solc-0.7, \u003c 3.4.2-solc-0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team\u0027s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-26T23:35:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr"
}
],
"source": {
"advisory": "GHSA-fg47-3c2x-m2wr",
"discovery": "UNKNOWN"
},
"title": "TimelockController vulnerability in OpenZeppelin Contracts",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39167",
"STATE": "PUBLIC",
"TITLE": "TimelockController vulnerability in OpenZeppelin Contracts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openzeppelin-contracts",
"version": {
"version_data": [
{
"version_value": "\u003e=4.0.0, \u003c 4.3.1"
},
{
"version_value": "\u003e=3.3.0, \u003c 3.4.2"
},
{
"version_value": "\u003e= 3.3.0-solc-0.7, \u003c 3.4.2-solc-0.7"
}
]
}
}
]
},
"vendor_name": "OpenZeppelin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team\u0027s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5",
"refsource": "MISC",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5"
},
{
"name": "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431",
"refsource": "MISC",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431"
},
{
"name": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr",
"refsource": "CONFIRM",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr"
}
]
},
"source": {
"advisory": "GHSA-fg47-3c2x-m2wr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39167",
"datePublished": "2021-08-26T23:35:16.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:58:18.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39168 (GCVE-0-2021-39168)
Vulnerability from cvelistv5 – Published: 2021-08-26 23:35 – Updated: 2024-08-04 01:58
CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://github.com/OpenZeppelin/openzeppelin-cont… | x_refsource_CONFIRM |
| https://github.com/OpenZeppelin/openzeppelin-cont… | x_refsource_MISC |
| https://github.com/OpenZeppelin/openzeppelin-cont… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| OpenZeppelin | openzeppelin-contracts-upgradeable | Affected: >=4.0.0, < 4.3.1; Affected: >=3.3.0, < 3.4.2; Affected: >= 3.3.0-solc-0.7, < 3.4.2-solc-0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-vrw4-w73r-6mm8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openzeppelin-contracts-upgradeable",
"vendor": "OpenZeppelin",
"versions": [
{
"status": "affected",
"version": "\u003e=4.0.0, \u003c 4.3.1"
},
{
"status": "affected",
"version": "\u003e=3.3.0, \u003c 3.4.2"
},
{
"status": "affected",
"version": "\u003e= 3.3.0-solc-0.7, \u003c 3.4.2-solc-0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team\u0027s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-26T23:35:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-vrw4-w73r-6mm8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431"
}
],
"source": {
"advisory": "GHSA-vrw4-w73r-6mm8",
"discovery": "UNKNOWN"
},
"title": "TimelockController vulnerability in OpenZeppelin Contracts",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39168",
"STATE": "PUBLIC",
"TITLE": "TimelockController vulnerability in OpenZeppelin Contracts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openzeppelin-contracts-upgradeable",
"version": {
"version_data": [
{
"version_value": "\u003e=4.0.0, \u003c 4.3.1"
},
{
"version_value": "\u003e=3.3.0, \u003c 3.4.2"
},
{
"version_value": "\u003e= 3.3.0-solc-0.7, \u003c 3.4.2-solc-0.7"
}
]
}
}
]
},
"vendor_name": "OpenZeppelin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team\u0027s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-vrw4-w73r-6mm8",
"refsource": "CONFIRM",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-vrw4-w73r-6mm8"
},
{
"name": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5",
"refsource": "MISC",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5"
},
{
"name": "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431",
"refsource": "MISC",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431"
}
]
},
"source": {
"advisory": "GHSA-vrw4-w73r-6mm8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39168",
"datePublished": "2021-08-26T23:35:11.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:58:18.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3978 (GCVE-0-2021-3978)
Vulnerability from cvelistv5 – Published: 2025-01-29 10:00 – Updated: 2025-02-12 16:03
CWE-269 - Improper Privilege Management
| Vendor | Product | Version |
|---|---|---|
| Cloudflare | octorpki | Affected: 0, < v1.4.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-3978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:19:06.799392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:03:40.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/cloudflare/cfrpki/cmd/octorpki",
"defaultStatus": "unaffected",
"packageName": "octorpki",
"platforms": [
"Go"
],
"product": "octorpki",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "v1.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ties de Kock"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When copying files with rsync, octorpki uses the \"-a\" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service\"\u003ehttps://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service\u003c/a\u003e) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation."
}
],
"value": "When copying files with rsync, octorpki uses the \"-a\" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T10:00:53.237Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85"
}
],
"source": {
"advisory": "GHSA-3pqh-p72c-fj85",
"discovery": "EXTERNAL"
},
"title": "Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2021-3978",
"datePublished": "2025-01-29T10:00:53.237Z",
"dateReserved": "2021-11-18T20:10:42.977Z",
"dateUpdated": "2025-02-12T16:03:40.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4200 (GCVE-0-2021-4200)
Vulnerability from cvelistv5 – Published: 2022-05-02 07:05 – Updated: 2024-09-16 17:54
CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1193992 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.5.13",
"status": "affected",
"version": "Rancher",
"versionType": "custom"
}
]
},
{
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "Rancher",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T07:05:15.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193992"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1193992",
"defect": [
"1193992"
],
"discovery": "UNKNOWN"
},
"title": "Write access to the Catalog for any user when restricted-admin role is enabled",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2022-04-15T00:00:00.000Z",
"ID": "CVE-2021-4200",
"STATE": "PUBLIC",
"TITLE": "Write access to the Catalog for any user when restricted-admin role is enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rancher",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Rancher",
"version_value": "2.5.13"
}
]
}
},
{
"product_name": "Rancher",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Rancher",
"version_value": "2.6.4"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1193992",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193992"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1193992",
"defect": [
"1193992"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2021-4200",
"datePublished": "2022-05-02T07:05:15.716Z",
"dateReserved": "2022-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:54:05.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42082 (GCVE-0-2021-42082)
Vulnerability from cvelistv5 – Published: 2023-07-10 06:29 – Updated: 2025-09-22 06:40
CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://www.wbsec.nl/osnexus | third-party-advisory, technical-description, exploit |
| https://csirt.divd.nl/DIVD-2021-00020/ | third-party-advisory |
| https://www.osnexus.com/products/software-defined… | product |
| https://csirt.divd.nl/CVE-2021-42082 | third-party-advisory, technical-description, exploit |
| Vendor | Product | Version |
|---|---|---|
| OSNEXUS | QuantaStor | Affected: 0, < 6.0.0.355 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.divd.nl/DIVD-2021-00020"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2021-42082"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:16:04.030763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:16:12.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.osnexus.com/downloads",
"defaultStatus": "unknown",
"platforms": [
"Windows",
"Linux"
],
"product": "QuantaStor",
"vendor": "OSNEXUS",
"versions": [
{
"lessThan": "6.0.0.355",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "C\u00e9listine Oosting (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local users are able to execute scripts under root privileges.\u003cbr\u003e\u003cbr\u003ePOC\u003cbr\u003e\u003cbr\u003eOn the local host run the following command:\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003ecurl \u0027localhost:8154/qstor/qs_upgrade.py?taskId=1\u0026amp;a=;`whoami`\u0027\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Local users are able to execute scripts under root privileges.\n\nPOC\n\nOn the local host run the following command:\n\ncurl \u0027localhost:8154/qstor/qs_upgrade.py?taskId=1\u0026a=;`whoami`\u0027"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T06:40:10.543Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description",
"exploit"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2021-00020/"
},
{
"tags": [
"product"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"technical-description",
"exploit"
],
"url": "https://csirt.divd.nl/CVE-2021-42082"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2021-42082",
"datePublished": "2023-07-10T06:29:47.984Z",
"dateReserved": "2021-10-07T17:12:57.678Z",
"dateUpdated": "2025-09-22T06:40:10.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4314 (GCVE-0-2021-4314)
Vulnerability from cvelistv5 – Published: 2023-01-18 15:23 – Updated: 2025-04-03 19:48
- CWE-269 - Improper Privilege Management

| URL | Tags |
|---|---|
| https://github.com/zowe/api-layer/ | product |

| Vendor | Product | Version |
|---|---|---|
| Open Mainframe Project | Zowe | Affected: 1.16.0, < 1.19.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://github.com/zowe/api-layer/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-4314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T16:07:48.197704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T19:48:49.004Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zowe",
"vendor": "Open Mainframe Project",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "1.16.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesn\u2019t have the APAR PH12143 applied. This issue affects: 1.16 versions to 1.19. What happens is that the services using the ZAAS client or the API ML API to query will be deceived into believing the information in the JWT token is valid when it isn\u2019t. It\u2019s possible to use this to persuade the southbound service that different user is authenticated."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-18T15:23:42.797Z",
"orgId": "b1336bef-059d-4e13-b11b-9a6ef21b3c78",
"shortName": "Zowe"
},
"references": [
{
"tags": [
"product"
],
"url": "https://github.com/zowe/api-layer/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b1336bef-059d-4e13-b11b-9a6ef21b3c78",
"assignerShortName": "Zowe",
"cveId": "CVE-2021-4314",
"datePublished": "2023-01-18T15:23:42.797Z",
"dateReserved": "2023-01-18T15:23:09.523Z",
"dateUpdated": "2025-04-03T19:48:49.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43793 (GCVE-0-2021-43793)
Vulnerability from cvelistv5 – Published: 2021-12-01 19:40 – Updated: 2024-08-04 04:03
- CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/a… | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/commit/0c6… | x_refsource_MISC |
| https://github.com/discourse/discourse/commit/1d0… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:09.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "stable \u003c 2.7.11"
},
{
"status": "affected",
"version": "tests-passed \u003c 2.8.0.beta9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T19:40:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b"
}
],
"source": {
"advisory": "GHSA-jq7h-44vc-h6qx",
"discovery": "UNKNOWN"
},
"title": "Bypass of Poll voting limits in Discourse",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43793",
"STATE": "PUBLIC",
"TITLE": "Bypass of Poll voting limits in Discourse"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_value": "stable \u003c 2.7.11"
},
{
"version_value": "tests-passed \u003c 2.8.0.beta9"
}
]
}
}
]
},
"vendor_name": "discourse"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx",
"refsource": "CONFIRM",
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx"
},
{
"name": "https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab",
"refsource": "MISC",
"url": "https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab"
},
{
"name": "https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b",
"refsource": "MISC",
"url": "https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b"
}
]
},
"source": {
"advisory": "GHSA-jq7h-44vc-h6qx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43793",
"datePublished": "2021-12-01T19:40:15.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:09.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43828 (GCVE-0-2021-43828)
Vulnerability from cvelistv5 – Published: 2021-12-14 19:20 – Updated: 2024-08-04 04:10
- CWE-269 - Improper Privilege Management

| URL | Tags |
|---|---|
| https://github.com/Patrowl/PatrowlManager/securit… | x_refsource_CONFIRM |
| https://huntr.dev/bounties/fe6248f1-603d-43df-816… | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Patrowl | PatrowlManager | Affected: < 1.7.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:15.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Patrowl/PatrowlManager/security/advisories/GHSA-x4wp-xvq7-w5vr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fe6248f1-603d-43df-816c-c75534a56f72"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PatrowlManager",
"vendor": "Patrowl",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/\u003cowner_id\u003e/\u003ctmp_file\u003e In that, owner_id is predictable and tmp_file is in format of import_\u003cownder_id\u003e_\u003ctime_created\u003e, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files This vulnerability is capable of allowing unlogged in users to download all finding imports file. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-14T19:20:17.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Patrowl/PatrowlManager/security/advisories/GHSA-x4wp-xvq7-w5vr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/fe6248f1-603d-43df-816c-c75534a56f72"
}
],
"source": {
"advisory": "GHSA-x4wp-xvq7-w5vr",
"discovery": "UNKNOWN"
},
"title": "Improper Privilege Management in Patrowl",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43828",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in Patrowl"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PatrowlManager",
"version": {
"version_data": [
{
"version_value": "\u003c 1.7.7"
}
]
}
}
]
},
"vendor_name": "Patrowl"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/\u003cowner_id\u003e/\u003ctmp_file\u003e In that, owner_id is predictable and tmp_file is in format of import_\u003cownder_id\u003e_\u003ctime_created\u003e, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files This vulnerability is capable of allowing unlogged in users to download all finding imports file. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Patrowl/PatrowlManager/security/advisories/GHSA-x4wp-xvq7-w5vr",
"refsource": "CONFIRM",
"url": "https://github.com/Patrowl/PatrowlManager/security/advisories/GHSA-x4wp-xvq7-w5vr"
},
{
"name": "https://huntr.dev/bounties/fe6248f1-603d-43df-816c-c75534a56f72",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/fe6248f1-603d-43df-816c-c75534a56f72"
}
]
},
"source": {
"advisory": "GHSA-x4wp-xvq7-w5vr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43828",
"datePublished": "2021-12-14T19:20:17.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:10:15.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43835 (GCVE-0-2021-43835)
Vulnerability from cvelistv5 – Published: 2021-12-15 20:00 – Updated: 2024-08-04 04:10
- CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://github.com/sulu/sulu/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/sulu/sulu/commit/30bf8b5a4f83b… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:15.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.18"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T20:00:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
}
],
"source": {
"advisory": "GHSA-84px-q68r-2fc9",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation in the Sulu Admin panel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43835",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in the Sulu Admin panel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sulu",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.0.0, \u003c 2.2.18"
},
{
"version_value": "\u003e= 2.3.0, \u003c 2.3.8"
}
]
}
}
]
},
"vendor_name": "sulu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9",
"refsource": "CONFIRM",
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
},
{
"name": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a",
"refsource": "MISC",
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
}
]
},
"source": {
"advisory": "GHSA-84px-q68r-2fc9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43835",
"datePublished": "2021-12-15T20:00:16.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:10:15.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-48
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation ID: MIT-49
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.