CVE-2021-39165 Vulnerability Details

  /     /     /  

CVE-2021-39165 Metadata Quick Info

CVE Published: 26/08/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: GitHub_M | Vendor: fiveai | Product: Cachet
Status : PUBLISHED

---

CVE-2021-39165 Description

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator\'s password and session. The original repository of Cachet is not active, the stable version 2.3.18 and it\'s developing 2.4 branch is affected.

Metrics

CVSS Version: 3.1 | Base Score: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-287
CWE Name: CWE-287: Improper Authentication
Source: fiveai

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).