{
"id": "CVE-2021-27913",
"sourceIdentifier": "security@mautic.org",
"published": "2021-08-30T16:15:07.457",
"lastModified": "2021-09-03T16:43:47.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The function mt_rand is used to generate session tokens. This function is cryptographically flawed because its output is only pseudorandom; an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under their control. This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0."
},
{
"lang": "es",
"value": "La funci\u00f3n mt_rand es usada para generar tokens de sesi\u00f3n, esta funci\u00f3n es criptogr\u00e1ficamente defectuosa debido a que su naturaleza es una pseudoaleatoriedad, un atacante puede aprovechar la naturaleza criptogr\u00e1ficamente no segura de esta funci\u00f3n para enumerar tokens de sesi\u00f3n para cuentas que no est\u00e1n bajo su control. Este problema afecta a: Mautic versiones anteriores a 3.3.4; versiones anteriores a 4.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "security@mautic.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-338"
}
]
},
{
"source": "security@mautic.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.4",
"matchCriteriaId": "EA7B8AF8-5929-4515-9EFF-9F589FA3FFDC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "A4B8FCED-A690-45D0-ACE1-871ADA2080F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "14D56FFE-E768-4502-BA7E-6B34BFE463B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "C536B44B-C713-47D1-9EBD-E2D94CB0561E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3",
"source": "security@mautic.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}