Vulnerability-Lookup

CNVD-2021-62463

Vulnerability from cnvd - Published: 2021-08-17

Title

Siren Investigate跨站请求伪造漏洞

Description

Siren Investigate是爱尔兰Siren公司的Siren平台的前端，允许创建仪表板、图表、链接分析、警报等。 Siren Investigate 11.1.1之前版本存在跨站请求伪造漏洞，攻击者可利用该漏洞在映像代理路由的参数中指定任意URL，并作为主机上的Investigate进程获取外部URL。

Severity

中

Patch Name

Siren Investigate跨站请求伪造漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-31216

Impacted products

Name
Siren Investigate <11.1.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-31216"
    }
  },
  "description": "Siren Investigate\u662f\u7231\u5c14\u5170Siren\u516c\u53f8\u7684Siren\u5e73\u53f0\u7684\u524d\u7aef\uff0c\u5141\u8bb8\u521b\u5efa\u4eea\u8868\u677f\u3001\u56fe\u8868\u3001\u94fe\u63a5\u5206\u6790\u3001\u8b66\u62a5\u7b49\u3002\n\nSiren Investigate 11.1.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6620\u50cf\u4ee3\u7406\u8def\u7531\u7684\u53c2\u6570\u4e2d\u6307\u5b9a\u4efb\u610fURL\uff0c\u5e76\u4f5c\u4e3a\u4e3b\u673a\u4e0a\u7684Investigate\u8fdb\u7a0b\u83b7\u53d6\u5916\u90e8URL\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-62463",
  "openTime": "2021-08-17",
  "patchDescription": "Siren Investigate\u662f\u7231\u5c14\u5170Siren\u516c\u53f8\u7684Siren\u5e73\u53f0\u7684\u524d\u7aef\uff0c\u5141\u8bb8\u521b\u5efa\u4eea\u8868\u677f\u3001\u56fe\u8868\u3001\u94fe\u63a5\u5206\u6790\u3001\u8b66\u62a5\u7b49\u3002\r\n\r\nSiren Investigate 11.1.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6620\u50cf\u4ee3\u7406\u8def\u7531\u7684\u53c2\u6570\u4e2d\u6307\u5b9a\u4efb\u610fURL\uff0c\u5e76\u4f5c\u4e3a\u4e3b\u673a\u4e0a\u7684Investigate\u8fdb\u7a0b\u83b7\u53d6\u5916\u90e8URL\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siren Investigate\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siren Investigate \u003c11.1.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-31216",
  "serverity": "\u4e2d",
  "submitTime": "2021-07-21",
  "title": "Siren Investigate\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2021-31216 (GCVE-0-2021-31216)

Vulnerability from cvelistv5 – Published: 2021-07-19 12:29 – Updated: 2024-08-03 22:55

Summary

Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://community.siren.io/c/announcements	x_refsource_MISC
	https://docs.siren.io/siren-platform-user-guide/1…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:52.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.siren.io/c/announcements"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-19T12:29:21.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.siren.io/c/announcements"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31216",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.siren.io/c/announcements",
              "refsource": "MISC",
              "url": "https://community.siren.io/c/announcements"
            },
            {
              "name": "https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html",
              "refsource": "CONFIRM",
              "url": "https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31216",
    "datePublished": "2021-07-19T12:29:21.000Z",
    "dateReserved": "2021-04-15T00:00:00.000Z",
    "dateUpdated": "2024-08-03T22:55:52.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-62463

CVE-2021-31216 (GCVE-0-2021-31216)

Tags

Sightings

Nomenclature