admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-229xx/CVE-2021-22914.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

115 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-22914",
"sourceIdentifier": "support@hackerone.com",
"published": "2021-06-16T14:15:08.683",
"lastModified": "2021-06-24T20:30:57.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer."
},
{
"lang": "es",
"value": "Citrix Cloud Connector versiones anteriores a 6.31.0.62192, sufre de almacenamiento no seguro de informaci\u00f3n confidencial debido a que la informaci\u00f3n confidencial es almacenada en los archivos de registro de instalaci\u00f3n de Citrix Cloud Connector. Esta informaci\u00f3n podr\u00eda ser usada por un actor malicioso para acceder a un entorno de Citrix Cloud. Este problema afecta a todas las versiones de Citrix Cloud Connector que fueron instaladas pasando par\u00e1metros de cliente seguro para la instalaci\u00f3n por medio de la l\u00ednea de comandos. El problema no afecta a Citrix Cloud Connector si se instal\u00f3 mediante el instalador interactivo o si se us\u00f3 un archivo de par\u00e1metros con el instalador de l\u00ednea de comandos"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
},
{
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:cloud_connector:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.31.0.62192",
"matchCriteriaId": "81564DA8-436D-433F-8486-E48A90AE8F14"
}
]
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX316690",
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink