CVE-2021-33605

Published: Aug 25, 2021

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled Checkbox inside enabled CheckboxGroup component via unspecified vectors.

Vendor	Product	Versions
Vaadin	Vaadin	affected `12.0.0 - < unspecified` affected `unspecified - < 14.0.0` affected `14.0.0 - < unspecified` affected `unspecified - < 14.5.0` affected `15.0.0 - < unspecified` +5 more versions
Vaadin	vaadin-checkbox-flow	affected `1.2.0 - < unspecified` affected `unspecified - < 2.0.0` affected `2.0.0 - < unspecified` affected `unspecified - < 3.0.0` affected `3.0.0 - < unspecified` +5 more versions

Weaknesses (CWE)

CWE-754

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://vaadin.com/security/cve-2021-33605

x_refsource_CONFIRM

https://github.com/vaadin/flow-components/pull/1903

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-33605

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References