Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveGitHub_MCVE-2021-21276
HistoryFeb 01, 2021 - 3:15 p.m.

CVE-2021-21276

2021-02-0115:15:13
CWE-863
GitHub_M
web.nvd.nist.gov
16
7
polr
open source
url shortener
vulnerability
setup
admin access
cve-2021-21276
security fix
patch

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

AI Score

9.1

Confidence

High

EPSS

0.016

Percentile

87.4%

JSON

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users’ settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.

Affected configurations

Nvd
Vulners
Node
polrprojectpolrRange<2.3.0
VendorProductVersionCPE
polrprojectpolr*cpe:2.3:a:polrproject:polr:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "cydrobolt",
    "product": "polr",
    "versions": [
      {
        "version": "< 2.3.0",
        "status": "affected"
      }
    ]
  }
]

Social References

More

Related

prion 1
packetstorm 1
cvelist 1
zdt 1
osv 1
nvd 1
exploitdb 1
prion
prion
Code injection
2021-02-01 15:15:00
packetstorm
packetstorm
POLR URL 2.3.0 Shortener Admin Takeover
2023-04-06 00:00:00
cvelist
cvelist
CVE-2021-21276 Privilege escalation in Polr
2021-02-01 00:00:00
zdt
zdt
POLR URL 2.3.0 - Shortener Admin Account Takeover Exploit
2023-04-06 00:00:00
osv
osv
CVE-2021-21276
2021-02-01 15:15:13
nvd
nvd
CVE-2021-21276
2021-02-01 15:15:13
exploitdb
exploitdb
POLR URL 2.3.0 - Shortener Admin Takeover
2023-04-06 00:00:00

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

AI Score

9.1

Confidence

High

EPSS

0.016

Percentile

87.4%

JSON
Related for CVE-2021-21276
prion1packetstorm1cvelist1zdt1osv1nvd1exploitdb1