CVE-2021-43829

Published: Dec 14, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

7.4

HIGH

Description

PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager unrestrictly handle upload files in the findings import feature. This vulnerability is capable of uploading dangerous type of file to server leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue.

Vendor	Product	Versions
Patrowl	PatrowlManager	affected `< 1.7.7`

Weaknesses (CWE)

CWE-434

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://github.com/Patrowl/PatrowlManager/security/advisories/GHSA-5hc9-6hq4-2xfx

x_refsource_CONFIRM

https://github.com/Patrowl/PatrowlManager/commit/2287c9715d2e7ef11b44bb0ad4a57727654f2203

x_refsource_MISC

https://huntr.dev/bounties/17324785-f83a-4058-ac40-03f2bfa16399/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-43829

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References