Back to search
CVE-2021-28122
Published: Mar 10, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. The issue occurs because Express is not set up to require authentication.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/open5gs/open5gs/releases
x_refsource_MISC
https://github.com/open5gs/open5gs/issues/837
x_refsource_MISC
https://github.com/open5gs/open5gs/pull/838
x_refsource_MISC
https://github.com/open5gs/open5gs/compare/v2.2.0...v2.2.1
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now