admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2021-39196 for GHSA-3r67-fxpr-p2qx

Browse Source 
Add CVE-2021-39196 for GHSA-3r67-fxpr-p2qx
This commit is contained in:
advisory-db[bot] 2021-09-07 18:51:17 +00:00 committed by GitHub
parent 36fda4674d
commit ebd8ede39d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 81 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
2021/39xxx/CVE-2021-39196.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39196",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Authenticated non-privileged user can request unfiltered data without adequate permissions in pcapture"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pcapture",
"version": {
"version_data": [
{
"version_value": "< 3.12"
}
]
}
}
]
},
"vendor_name": "jdhwpgmbca"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround, you must upgrade to v3.12 or greater.\n"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jdhwpgmbca/pcapture/security/advisories/GHSA-3r67-fxpr-p2qx",
"refsource": "CONFIRM",
"url": "https://github.com/jdhwpgmbca/pcapture/security/advisories/GHSA-3r67-fxpr-p2qx"
},
{
"name": "https://github.com/jdhwpgmbca/pcapture/issues/7",
"refsource": "MISC",
"url": "https://github.com/jdhwpgmbca/pcapture/issues/7"
},
{
"name": "https://github.com/jdhwpgmbca/pcapture/commit/0f74f431e0970a2e5784dbd955cfa4760e3b1ef7",
"refsource": "MISC",
"url": "https://github.com/jdhwpgmbca/pcapture/commit/0f74f431e0970a2e5784dbd955cfa4760e3b1ef7"
}
]
},
"source": {
"advisory": "GHSA-3r67-fxpr-p2qx",
"discovery": "UNKNOWN"
}
}