From 23f255f3ad9306e3849aec233da3e01efea95dba Mon Sep 17 00:00:00 2001 From: "Shelby J. Cunningham" Date: Wed, 19 May 2021 15:58:10 -0400 Subject: [PATCH] Add CVE-2021-29622 for GHSA-vx57-7f4q-fpc7 --- 2021/29xxx/CVE-2021-29622.json | 87 +++++++++++++++++++++++++++++++--- 1 file changed, 81 insertions(+), 6 deletions(-) diff --git a/2021/29xxx/CVE-2021-29622.json b/2021/29xxx/CVE-2021-29622.json index 709fb9c6762..22e401d7a48 100644 --- a/2021/29xxx/CVE-2021-29622.json +++ b/2021/29xxx/CVE-2021-29622.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-29622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Arbitrary redirects under /new endpoint" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "prometheus", + "version": { + "version_data": [ + { + "version_value": ">= 2.23.0, < 2.27.1" + } + ] + } + } + ] + }, + "vendor_name": "prometheus" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7", + "refsource": "CONFIRM", + "url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7" + }, + { + "name": "https://github.com/prometheus/prometheus/releases/tag/v2.26.1", + "refsource": "MISC", + "url": "https://github.com/prometheus/prometheus/releases/tag/v2.26.1" + }, + { + "name": "https://github.com/prometheus/prometheus/releases/tag/v2.27.1", + "refsource": "MISC", + "url": "https://github.com/prometheus/prometheus/releases/tag/v2.27.1" + } + ] + }, + "source": { + "advisory": "GHSA-vx57-7f4q-fpc7", + "discovery": "UNKNOWN" } } \ No newline at end of file