admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#677

Browse Source 
Auto-merge PR#677
This commit is contained in:
CVE Team 2021-02-01 09:50:20 -05:00 committed by GitHub
commit 4ce14dbd06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 81 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
2021/21xxx/CVE-2021-21276.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21276",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in Polr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polr",
"version": {
"version_data": [
{
"version_value": "< 2.3.0"
}
]
}
}
]
},
"vendor_name": "cydrobolt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings.\n\nIf an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts.\n\nThis is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cydrobolt/polr/security/advisories/GHSA-vg6w-8w9v-xxqc",
"refsource": "CONFIRM",
"url": "https://github.com/cydrobolt/polr/security/advisories/GHSA-vg6w-8w9v-xxqc"
},
{
"name": "https://github.com/cydrobolt/polr/commit/b1981709908caf6069b4a29dad3b6739c322c675",
"refsource": "MISC",
"url": "https://github.com/cydrobolt/polr/commit/b1981709908caf6069b4a29dad3b6739c322c675"
},
{
"name": "https://github.com/cydrobolt/polr/releases/tag/2.3.0",
"refsource": "MISC",
"url": "https://github.com/cydrobolt/polr/releases/tag/2.3.0"
}
]
},
"source": {
"advisory": "GHSA-vg6w-8w9v-xxqc",
"discovery": "UNKNOWN"
}
}