Auto-merge PR#680

2025-08-04 08:44:25 +00:00 · 2021-02-01 10:25:25 -05:00 · 2021-02-01 10:25:25 -05:00 · 1e926c4925
commit 1e926c4925
parent 0a1ba1ef68 be9adcb265
1 changed files with 76 additions and 6 deletions
--- a/2021/21xxx/CVE-2021-21286.json
+++ b/2021/21xxx/CVE-2021-21286.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-21286",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Authorization Bypass in AVideo Platform"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "AVideo",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 10.2"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "WWBN"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube.\n\nIn AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control.\n\nThis is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 7.7,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-863: Incorrect Authorization"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/WWBN/AVideo/security/advisories/GHSA-xq8j-fhg5-hr39",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-xq8j-fhg5-hr39"
+            },
+            {
+                "name": "https://avideo.tube/",
+                "refsource": "MISC",
+                "url": "https://avideo.tube/"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-xq8j-fhg5-hr39",
+        "discovery": "UNKNOWN"
    }
 }