admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-398xx/CVE-2021-39894.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

157 lines
5.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-39894",
"sourceIdentifier": "cve@gitlab.com",
"published": "2021-10-05T13:15:08.467",
"lastModified": "2021-10-12T17:49:21.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks."
},
{
"lang": "es",
"value": "En todas las versiones de GitLab CE/EE desde la versi\u00f3n 8.0, se presenta una vulnerabilidad de reenganche de DNS en el importador Fogbugz que puede ser usada por atacantes para explotar ataques de tipo Server Side Request Forgery"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "14.1.7",
"matchCriteriaId": "108BFCA8-3661-485A-BD06-27FA8999BB50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "14.1.7",
"matchCriteriaId": "4B4A8EE5-32B8-4DFB-9431-01A76FF04037"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "14.2.0",
"versionEndExcluding": "14.2.5",
"matchCriteriaId": "CAB23F69-59A2-430F-A082-A5F81A7A464C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "14.2.0",
"versionEndExcluding": "14.2.5",
"matchCriteriaId": "CD7E2FAA-308F-450F-8990-52A7DEB8ED00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:community:*:*:*",
"matchCriteriaId": "3E754C1F-3FB2-4387-8523-19896FDE7A14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "ED0EDF4C-4350-476E-A6C4-C2FEFC2078D8"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39894.json",
"source": "cve@gitlab.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink