Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

CVE-2021-23264 (GCVE-0-2021-23264)

Vulnerability from cvelistv5 – Published: 2021-12-02 15:40 – Updated: 2024-09-16 19:15
VLAI
Title
Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search
Summary
Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.
CWE
  • CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
Crafter Software Crafter CMS Affected: 3.1 , < 3.1.15 (custom)
Create a notification for this product.
Date Public
2021-12-01 00:00
Credits
Sparsh Kulshrestha
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:05:55.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120107"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Crafter CMS",
          "vendor": "Crafter Software",
          "versions": [
            {
              "lessThan": "3.1.15",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sparsh Kulshrestha"
        }
      ],
      "datePublic": "2021-12-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-402",
              "description": "CWE-402: Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-02T15:40:59.000Z",
        "orgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
        "shortName": "crafter"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120107"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027) and Exposure of Resource to Wrong Sphere in Crafter Search",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable remote access to crafter-search."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@craftersoftware.com",
          "DATE_PUBLIC": "2021-12-01T15:40:00.000Z",
          "ID": "CVE-2021-23264",
          "STATE": "PUBLIC",
          "TITLE": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027) and Exposure of Resource to Wrong Sphere in Crafter Search"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Crafter CMS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.1",
                            "version_value": "3.1.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Crafter Software"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sparsh Kulshrestha"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-402: Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668 Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120107",
              "refsource": "MISC",
              "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120107"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable remote access to crafter-search."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
    "assignerShortName": "crafter",
    "cveId": "CVE-2021-23264",
    "datePublished": "2021-12-02T15:40:59.160Z",
    "dateReserved": "2021-01-08T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:15:49.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22869 (GCVE-0-2021-22869)

Vulnerability from cvelistv5 – Published: 2021-09-24 17:50 – Updated: 2024-08-03 18:51
VLAI
Title
Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group
Summary
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
GitHub GitHub Enterprise Server Affected: 3.0 , < 3.0.16 (custom)
Affected: 3.1 , < 3.1.8 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.513Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitHub Enterprise Server",
          "vendor": "GitHub",
          "versions": [
            {
              "lessThan": "3.0.16",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.8",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-24T17:50:10.000Z",
        "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
        "shortName": "GitHub_P"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-cna@github.com",
          "ID": "CVE-2021-22869",
          "STATE": "PUBLIC",
          "TITLE": "Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitHub Enterprise Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.0",
                            "version_value": "3.0.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.1",
                            "version_value": "3.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitHub"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16",
              "refsource": "MISC",
              "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16"
            },
            {
              "name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8",
              "refsource": "MISC",
              "url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
    "assignerShortName": "GitHub_P",
    "cveId": "CVE-2021-22869",
    "datePublished": "2021-09-24T17:50:10.000Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:51:07.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-21878 (GCVE-0-2021-21878)

Vulnerability from cvelistv5 – Published: 2021-12-22 18:06 – Updated: 2024-08-03 18:23
VLAI
Summary
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
n/a Lantronix Affected: Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:23:29.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1322"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Lantronix",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-22T18:06:29.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1322"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2021-21878",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Lantronix",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 4.9,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668: Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1322",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1322"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2021-21878",
    "datePublished": "2021-12-22T18:06:29.000Z",
    "dateReserved": "2021-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:23:29.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-21382 (GCVE-0-2021-21382)

Vulnerability from cvelistv5 – Published: 2021-06-11 20:50 – Updated: 2024-08-03 18:09
VLAI
Title
Unsafe loopback forwarding interface in Restund
Summary
Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) the `status` interface of restund is enabled and is listening on `127.0.0.1`.The `status` interface allows users to issue administrative commands to `restund` like listing open relays or draining connections. It would be possible for an attacker to contact the status interface and issue administrative commands by setting `XOR-PEER-ADDRESS` to `127.0.0.1:{{restund_udp_status_port}}` when opening a TURN channel. We now explicitly disallow relaying to loopback addresses, 'any' addresses, link local addresses, and the broadcast address. As a workaround disable the `status` module in your restund configuration. However there might still be other services running on `127.0.0.0/8` that you do not want to have exposed. The `turn` module can be disabled. Restund will still perform STUN and this might already be enough for initiating calls in your environments. TURN is only used as a last resort when other NAT traversal options do not work. One should also make sure that the TURN server is set up with firewall rules so that it cannot relay to other addresses that you don't want the TURN server to relay to. For example other services in the same VPC where the TURN server is running. Ideally TURN servers should be deployed in an isolated fashion where they can only reach what they need to reach to perform their task of assisting NAT-traversal.
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
wireapp restund Affected: < 0.4.15
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:09:16.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/wireapp/restund/security/advisories/GHSA-96j5-w9jq-pv2x"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/wireapp/restund/pull/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.wire.com/understand/restund.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.rtcsec.com/post/2021/01/details-about-cve-2020-26262-bypass-of-coturns-default-access-control-protection/#further-concerns-what-else"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "restund",
          "vendor": "wireapp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.4.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) the `status` interface of restund is enabled and is listening on `127.0.0.1`.The `status` interface allows users to issue administrative commands to `restund` like listing open relays or draining connections. It would be possible for an attacker to contact the status interface and issue administrative commands by setting `XOR-PEER-ADDRESS` to `127.0.0.1:{{restund_udp_status_port}}` when opening a TURN channel. We now explicitly disallow relaying to loopback addresses, \u0027any\u0027 addresses, link local addresses, and the broadcast address. As a workaround disable the `status` module in your restund configuration. However there might still be other services running on `127.0.0.0/8` that you do not want to have exposed. The `turn` module can be disabled. Restund will still perform STUN and this might already be enough for initiating calls in your environments. TURN is only used as a last resort when other NAT traversal options do not work. One should also make sure that the TURN server is set up with firewall rules so that it cannot relay to other addresses that you don\u0027t want the TURN server to relay to. For example other services in the same VPC where the TURN server is running. Ideally TURN servers should be deployed in an isolated fashion where they can only reach what they need to reach to perform their task of assisting NAT-traversal."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-11T20:50:14.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wireapp/restund/security/advisories/GHSA-96j5-w9jq-pv2x"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wireapp/restund/pull/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.wire.com/understand/restund.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.rtcsec.com/post/2021/01/details-about-cve-2020-26262-bypass-of-coturns-default-access-control-protection/#further-concerns-what-else"
        }
      ],
      "source": {
        "advisory": "GHSA-96j5-w9jq-pv2x",
        "discovery": "UNKNOWN"
      },
      "title": "Unsafe loopback forwarding interface in Restund",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-21382",
          "STATE": "PUBLIC",
          "TITLE": "Unsafe loopback forwarding interface in Restund"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "restund",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.4.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "wireapp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) the `status` interface of restund is enabled and is listening on `127.0.0.1`.The `status` interface allows users to issue administrative commands to `restund` like listing open relays or draining connections. It would be possible for an attacker to contact the status interface and issue administrative commands by setting `XOR-PEER-ADDRESS` to `127.0.0.1:{{restund_udp_status_port}}` when opening a TURN channel. We now explicitly disallow relaying to loopback addresses, \u0027any\u0027 addresses, link local addresses, and the broadcast address. As a workaround disable the `status` module in your restund configuration. However there might still be other services running on `127.0.0.0/8` that you do not want to have exposed. The `turn` module can be disabled. Restund will still perform STUN and this might already be enough for initiating calls in your environments. TURN is only used as a last resort when other NAT traversal options do not work. One should also make sure that the TURN server is set up with firewall rules so that it cannot relay to other addresses that you don\u0027t want the TURN server to relay to. For example other services in the same VPC where the TURN server is running. Ideally TURN servers should be deployed in an isolated fashion where they can only reach what they need to reach to perform their task of assisting NAT-traversal."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668: Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/wireapp/restund/security/advisories/GHSA-96j5-w9jq-pv2x",
              "refsource": "CONFIRM",
              "url": "https://github.com/wireapp/restund/security/advisories/GHSA-96j5-w9jq-pv2x"
            },
            {
              "name": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p",
              "refsource": "MISC",
              "url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
            },
            {
              "name": "https://github.com/wireapp/restund/pull/7",
              "refsource": "MISC",
              "url": "https://github.com/wireapp/restund/pull/7"
            },
            {
              "name": "https://docs.wire.com/understand/restund.html",
              "refsource": "MISC",
              "url": "https://docs.wire.com/understand/restund.html"
            },
            {
              "name": "https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43",
              "refsource": "MISC",
              "url": "https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43"
            },
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732"
            },
            {
              "name": "https://www.rtcsec.com/post/2021/01/details-about-cve-2020-26262-bypass-of-coturns-default-access-control-protection/#further-concerns-what-else",
              "refsource": "MISC",
              "url": "https://www.rtcsec.com/post/2021/01/details-about-cve-2020-26262-bypass-of-coturns-default-access-control-protection/#further-concerns-what-else"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-96j5-w9jq-pv2x",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-21382",
    "datePublished": "2021-06-11T20:50:14.000Z",
    "dateReserved": "2020-12-22T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:09:16.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-21334 (GCVE-0-2021-21334)

Vulnerability from cvelistv5 – Published: 2021-03-10 21:30 – Updated: 2024-08-03 18:09
VLAI
Title
environment variable leak
Summary
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.
CWE
  • CWE-668 - {"CWE-668":"Exposure of Resource to Wrong Sphere"}
Assigner
Impacted products
Vendor Product Version
containerd containerd Affected: < 1.3.10
Affected: >= 1.4.0, < 1.4.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:09:15.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
          },
          {
            "name": "FEDORA-2021-470fa24f5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"
          },
          {
            "name": "FEDORA-2021-10ce8fcbf1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/"
          },
          {
            "name": "FEDORA-2021-f049305892",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/"
          },
          {
            "name": "GLSA-202105-33",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202105-33"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "containerd",
          "vendor": "containerd",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.4.0, \u003c 1.4.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "{\"CWE-668\":\"Exposure of Resource to Wrong Sphere\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T11:08:46.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
        },
        {
          "name": "FEDORA-2021-470fa24f5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"
        },
        {
          "name": "FEDORA-2021-10ce8fcbf1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/"
        },
        {
          "name": "FEDORA-2021-f049305892",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/"
        },
        {
          "name": "GLSA-202105-33",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202105-33"
        }
      ],
      "source": {
        "advisory": "GHSA-6g2q-w5j3-fwh4",
        "discovery": "UNKNOWN"
      },
      "title": "environment variable leak",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-21334",
          "STATE": "PUBLIC",
          "TITLE": "environment variable leak"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "containerd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.3.10"
                          },
                          {
                            "version_value": "\u003e= 1.4.0, \u003c 1.4.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "containerd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-668\":\"Exposure of Resource to Wrong Sphere\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4",
              "refsource": "CONFIRM",
              "url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
            },
            {
              "name": "https://github.com/containerd/containerd/releases/tag/v1.4.4",
              "refsource": "MISC",
              "url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
            },
            {
              "name": "https://github.com/containerd/containerd/releases/tag/v1.3.10",
              "refsource": "MISC",
              "url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
            },
            {
              "name": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e",
              "refsource": "MISC",
              "url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
            },
            {
              "name": "FEDORA-2021-470fa24f5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"
            },
            {
              "name": "FEDORA-2021-10ce8fcbf1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/"
            },
            {
              "name": "FEDORA-2021-f049305892",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/"
            },
            {
              "name": "GLSA-202105-33",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202105-33"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-6g2q-w5j3-fwh4",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-21334",
    "datePublished": "2021-03-10T21:30:18.000Z",
    "dateReserved": "2020-12-22T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:09:15.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20999 (GCVE-0-2021-20999)

Vulnerability from cvelistv5 – Published: 2021-05-13 13:45 – Updated: 2024-09-17 01:16
VLAI
Title
WEIDMUELLER: Accidentally open network port in u-controls and IoT-Gateways
Summary
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped.
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
Weidmüller UC20-WL2000-AC (No. 1334950000) Affected: 1.3.0 , ≤ 1.9.0 (custom)
Affected: 1.10.0 , ≤ 1.10.2 (custom)
Affected: 1.11.0 , ≤ 1.12.1 (custom)
Create a notification for this product.
Weidmüller UC20-WL2000-IOT (No. 1334990000) Affected: 1.3.0 , ≤ 1.9.0 (custom)
Affected: 1.10.0 , ≤ 1.10.2 (custom)
Affected: 1.11.0 , ≤ 1.12.1 (custom)
Create a notification for this product.
Weidmüller IOT-GW30 (No. 2682620000) Affected: 1.3.0 , ≤ 1.9.0 (custom)
Affected: 1.10.0 , ≤ 1.10.2 (custom)
Affected: 1.11.0 , ≤ 1.12.1 (custom)
Create a notification for this product.
Weidmüller IOT-GW30-4G-EU (No. 2682630000) Affected: 1.3.0 , ≤ 1.9.0 (custom)
Affected: 1.10.0 , ≤ 1.10.2 (custom)
Affected: 1.11.0 , ≤ 1.12.1 (custom)
Create a notification for this product.
Date Public
2021-05-04 00:00
Credits
Reported by Weidmüller.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:23.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "UC20-WL2000-AC (No. 1334950000)",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "1.9.0",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.10.2",
              "status": "affected",
              "version": "1.10.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.12.1",
              "status": "affected",
              "version": "1.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "UC20-WL2000-IOT (No. 1334990000)",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "1.9.0",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.10.2",
              "status": "affected",
              "version": "1.10.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.12.1",
              "status": "affected",
              "version": "1.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IOT-GW30 (No. 2682620000)",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "1.9.0",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.10.2",
              "status": "affected",
              "version": "1.10.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.12.1",
              "status": "affected",
              "version": "1.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IOT-GW30-4G-EU (No. 2682630000)",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "1.9.0",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.10.2",
              "status": "affected",
              "version": "1.10.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.12.1",
              "status": "affected",
              "version": "1.11.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Weidm\u00fcller."
        }
      ],
      "datePublic": "2021-05-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidm\u00fcller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-13T13:45:25.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-016"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Weidm\u00fcller recommends upgrading affected devices to the current firmware version 1.12.3 or higher which fixes this vulnerability."
        }
      ],
      "source": {
        "advisory": "VDE-2021-016",
        "defect": [
          "VDE-2021-016"
        ],
        "discovery": "INTERNAL"
      },
      "title": "WEIDMUELLER: Accidentally open network port in u-controls and IoT-Gateways",
      "workarounds": [
        {
          "lang": "en",
          "value": "Restrict access to the network the device is connected to.\nDo not directly connect the device to the internet."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-05-04T10:00:00.000Z",
          "ID": "CVE-2021-20999",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: Accidentally open network port in u-controls and IoT-Gateways"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "UC20-WL2000-AC (No. 1334950000)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.3.0",
                            "version_value": "1.9.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.10.0",
                            "version_value": "1.10.2"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.11.0",
                            "version_value": "1.12.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "UC20-WL2000-IOT (No. 1334990000)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.3.0",
                            "version_value": "1.9.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.10.0",
                            "version_value": "1.10.2"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.11.0",
                            "version_value": "1.12.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IOT-GW30 (No. 2682620000)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.3.0",
                            "version_value": "1.9.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.10.0",
                            "version_value": "1.10.2"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.11.0",
                            "version_value": "1.12.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IOT-GW30-4G-EU (No. 2682630000)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.3.0",
                            "version_value": "1.9.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.10.0",
                            "version_value": "1.10.2"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.11.0",
                            "version_value": "1.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by Weidm\u00fcller."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidm\u00fcller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668 Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-016",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-016"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Weidm\u00fcller recommends upgrading affected devices to the current firmware version 1.12.3 or higher which fixes this vulnerability."
          }
        ],
        "source": {
          "advisory": "VDE-2021-016",
          "defect": [
            "VDE-2021-016"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Restrict access to the network the device is connected to.\nDo not directly connect the device to the internet."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-20999",
    "datePublished": "2021-05-13T13:45:25.284Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:16:17.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1438 (GCVE-0-2021-1438)

Vulnerability from cvelistv5 – Published: 2021-05-06 12:40 – Updated: 2024-11-08 23:21
VLAI
Title
Cisco Wide Area Application Services Software Information Disclosure Vulnerability
Summary
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2021-05-05 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210505 Cisco Wide Area Application Services Software Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1438",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:44:22.978546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:21:29.541Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Wide Area Application Services (WAAS)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-05-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-06T12:40:54.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210505 Cisco Wide Area Application Services Software Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK"
        }
      ],
      "source": {
        "advisory": "cisco-sa-waas-infdisc-Twb4EypK",
        "defect": [
          [
            "CSCvw97364"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Wide Area Application Services Software Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-05-05T16:00:00",
          "ID": "CVE-2021-1438",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Wide Area Application Services Software Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Wide Area Application Services (WAAS)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.5",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210505 Cisco Wide Area Application Services Software Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-waas-infdisc-Twb4EypK",
          "defect": [
            [
              "CSCvw97364"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1438",
    "datePublished": "2021-05-06T12:40:54.478Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-08T23:21:29.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1423 (GCVE-0-2021-1423)

Vulnerability from cvelistv5 – Published: 2021-03-24 20:20 – Updated: 2024-11-08 23:30
VLAI
Title
Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability
Summary
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2021-03-24 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:16.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210324 Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1423",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:47:09.653137Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:30:28.527Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Aironet Access Point Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-03-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-24T20:20:38.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210324 Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ap-foverwrt-HyVXvrtb",
        "defect": [
          [
            "CSCvu98274"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-03-24T16:00:00",
          "ID": "CVE-2021-1423",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Aironet Access Point Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.4",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210324 Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-foverwrt-HyVXvrtb"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ap-foverwrt-HyVXvrtb",
          "defect": [
            [
              "CSCvu98274"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1423",
    "datePublished": "2021-03-24T20:20:38.878Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-08T23:30:28.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-26272 (GCVE-0-2020-26272)

Vulnerability from cvelistv5 – Published: 2021-01-28 18:25 – Updated: 2025-05-27 15:20
VLAI
Title
Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs
Summary
The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue.
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
electron electron Affected: < 9.4.0
Affected: >= 10.0.0, < 10.2.0
Affected: >= 11.0.0, < 11.1.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:56:04.080Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/releases/tag/v9.4.0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/pull/26875"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c 11.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-27T15:20:11.927Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
        },
        {
          "name": "https://github.com/electron/electron/pull/26875",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/pull/26875"
        },
        {
          "name": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
        },
        {
          "name": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208"
        },
        {
          "name": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2"
        },
        {
          "name": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc"
        },
        {
          "name": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd"
        },
        {
          "name": "https://github.com/electron/electron/releases/tag/v9.4.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/releases/tag/v9.4.0"
        },
        {
          "name": "https://www.electronjs.org/releases/stable?version=9#9.4.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
        }
      ],
      "source": {
        "advisory": "GHSA-hvf8-h2qh-37m9",
        "discovery": "UNKNOWN"
      },
      "title": "Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-26272",
    "datePublished": "2021-01-28T18:25:17.000Z",
    "dateReserved": "2020-10-01T00:00:00.000Z",
    "dateUpdated": "2025-05-27T15:20:11.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-26261 (GCVE-0-2020-26261)

Vulnerability from cvelistv5 – Published: 2020-12-09 16:30 – Updated: 2024-08-04 15:56
VLAI
Title
user-readable api tokens in systemd units
Summary
jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:56:03.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pypi.org/project/jupyterhub-systemdspawner/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "systemdspawner",
          "vendor": "jupyterhub",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-09T16:30:14.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pypi.org/project/jupyterhub-systemdspawner/"
        }
      ],
      "source": {
        "advisory": "GHSA-cg54-gpgr-4rm6",
        "discovery": "UNKNOWN"
      },
      "title": "user-readable api tokens in systemd units",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-26261",
          "STATE": "PUBLIC",
          "TITLE": "user-readable api tokens in systemd units"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "systemdspawner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "jupyterhub"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668: Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6",
              "refsource": "CONFIRM",
              "url": "https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6"
            },
            {
              "name": "https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580",
              "refsource": "MISC",
              "url": "https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580"
            },
            {
              "name": "https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015",
              "refsource": "MISC",
              "url": "https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015"
            },
            {
              "name": "https://pypi.org/project/jupyterhub-systemdspawner/",
              "refsource": "MISC",
              "url": "https://pypi.org/project/jupyterhub-systemdspawner/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-cg54-gpgr-4rm6",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-26261",
    "datePublished": "2020-12-09T16:30:14.000Z",
    "dateReserved": "2020-10-01T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:56:03.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.