GAEN Verification CVE-2021-22538 initial commit

Monsieur Francis Perron 2021-03-31 23:05:25 +02:00
parent 05d29be2c3
commit fbe1222577
No known key found for this signature in database
GPG Key ID: AD21495B92BCF79F


@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2021-22538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in RBAC system"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exposure Notifications Verification Server",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "<=",
"version_name": "stable",
"version_value": "0.23.0"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Mazzolini (Ethical Hacker at WHO)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their own. This occurs due to insufficient checks on the allowed set of permissions. The new user creation event would be captured in the Event Log."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-5v95-v8c8-3rh6",
"refsource": "CONFIRM",
"url": "https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-5v95-v8c8-3rh6"
},
{
"name": "https://github.com/google/exposure-notifications-verification-server/commit/eb8cf40b12dbe79304f1133c06fb73419383cd95",
"refsource": "CONFIRM",
"url": "https://github.com/google/exposure-notifications-verification-server/commit/eb8cf40b12dbe79304f1133c06fb73419383cd95"
},
{
"name": "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.23.1",
"refsource": "CONFIRM",
"url": "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.23.1"
},
{
"name": "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.24.0",
"refsource": "CONFIRM",
"url": "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.24.0"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
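Review bot: The `problemtype` entry records `CWE-20 Improper Input Validation`, but the new description attributes the flaw to insufficient checks on which permissions a UserWrite holder may assign, which is an authorization failure rather than generic input validation. A more specific class such as `"value": "CWE-269 Improper Privilege Management"` (or CWE-863 Incorrect Authorization) would serve triage and weakness tracking better. Separately, `"discovery": "UNKNOWN"` under `source` sits beside a `credit` entry naming an individual reporter, so `"discovery": "EXTERNAL"` looks like the accurate value, assuming the credited person is outside the vendor. The description's note that the user-creation event lands in the Event Log is worth keeping, since it tells operators of affected versions where to look for past abuse.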