Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by TUBITAK
CVE-2021-3825 (GCVE-0-2021-3825)
Vulnerability from cvelistv5 – Published: 2021-10-01 14:36 – Updated: 2024-09-16 19:56
VLAI?
Title
Missing Authorization Checks in LiderAhenk
Summary
On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials.
Severity ?
9.6 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2021-09-16 21:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-21-0795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lider",
"vendor": "TUBITAK",
"versions": [
{
"lessThan": "2.1.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehmet INCE from PRODAFT"
}
],
"datePublic": "2021-09-16T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn 2.1.15 version and below of Lider module in LiderAhenk software is leaking it\u0027s configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials.\u003c/p\u003e"
}
],
"value": "On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it\u0027s configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ehttps://github.com/mdisec/pardus-liderahenk-0day-RCE\u003c/p\u003e"
}
],
"value": "https://github.com/mdisec/pardus-liderahenk-0day-RCE"
}
],
"impacts": [
{
"capecId": "CAPEC-136",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-136 LDAP Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-03T16:05:47.740Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.usom.gov.tr/bildirim/tr-21-0795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLider component should be updated to 2.1.16.\u003c/p\u003e"
}
],
"value": "Lider component should be updated to 2.1.16."
}
],
"source": {
"advisory": "TR-21-0795",
"defect": [
"TR-21-0795"
],
"discovery": "EXTERNAL"
},
"title": "Missing Authorization Checks in LiderAhenk",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2021-09-17T00:00:00.000Z",
"ID": "CVE-2021-3825",
"STATE": "PUBLIC",
"TITLE": "Missing Authorization Checks in LiderAhenk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lider",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.16"
}
]
}
}
]
},
"vendor_name": "TUBITAK"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mehmet INCE from PRODAFT"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it\u0027s configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials."
}
]
},
"exploit": [
{
"lang": "en",
"value": "https://github.com/mdisec/pardus-liderahenk-0day-RCE"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usom.gov.tr/bildirim/tr-21-0795",
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-21-0795"
},
{
"name": "https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/",
"refsource": "CONFIRM",
"url": "https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Lider component should be updated to 2.1.16."
}
],
"source": {
"advisory": "TR-21-0795",
"defect": [
"TR-21-0795"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2021-3825",
"datePublished": "2021-10-01T14:36:20.926Z",
"dateReserved": "2021-09-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:56:05.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3806 (GCVE-0-2021-3806)
Vulnerability from cvelistv5 – Published: 2021-09-18 13:20 – Updated: 2024-09-16 23:46
VLAI?
Title
Path Traversal in Pardus Software Center
Summary
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.
Severity ?
5.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TUBITAK | Pardus Software Center |
Affected:
unspecified , < 0.1.0~beta10
(custom)
|
Date Public ?
2021-09-12 21:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-21-0754"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"amd64"
],
"product": "Pardus Software Center",
"vendor": "TUBITAK",
"versions": [
{
"lessThan": "0.1.0~beta10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehmet INCE from PRODAFT"
}
],
"datePublic": "2021-09-12T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA path traversal vulnerability on Pardus Software Center\u0027s \u0026quot;extractArchive\u0026quot; function could allow anyone on the same network to do a man-in-the-middle and write files on the system.\u003c/p\u003e"
}
],
"value": "A path traversal vulnerability on Pardus Software Center\u0027s \"extractArchive\" function could allow anyone on the same network to do a man-in-the-middle and write files on the system."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-03T16:06:18.099Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.usom.gov.tr/bildirim/tr-21-0754"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePardus Software Center should be updated to the latest version.\u003c/p\u003e"
}
],
"value": "Pardus Software Center should be updated to the latest version."
}
],
"source": {
"advisory": "TR-21-0754",
"defect": [
"TR-21-0754"
],
"discovery": "EXTERNAL"
},
"title": "Path Traversal in Pardus Software Center",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2021-09-13T00:00:00.000Z",
"ID": "CVE-2021-3806",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in Pardus Software Center"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pardus Software Center",
"version": {
"version_data": [
{
"platform": "amd64",
"version_affected": "\u003c",
"version_value": "0.1.0~beta10"
}
]
}
}
]
},
"vendor_name": "TUBITAK"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mehmet INCE from PRODAFT"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability on Pardus Software Center\u0027s \"extractArchive\" function could allow anyone on the same network to do a man-in-the-middle and write files on the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usom.gov.tr/bildirim/tr-21-0754",
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-21-0754"
},
{
"name": "https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/",
"refsource": "CONFIRM",
"url": "https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Pardus Software Center should be updated to the latest version."
}
],
"source": {
"advisory": "TR-21-0754",
"defect": [
"TR-21-0754"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2021-3806",
"datePublished": "2021-09-18T13:20:11.941Z",
"dateReserved": "2021-09-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:46:50.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}