CVE-2021-3914

2022-08-2520:15:09

CWE-79

redhat

web.nvd.nist.gov

cve-2021-3914

smallrye

health

metrics

component

vulnerability

cross-site scripting

xss

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.5%

JSON

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.

Affected configurations

Nvd

Node

redhatbuild_of_quarkusRange<2.7.5

redhatbuild_of_quarkusMatch-text-only

redhatopenshift_application_runtimesMatch1.0

redhatsmallrye_healthMatch-

VendorProductVersionCPE
redhatbuild_of_quarkus*cpe:2.3:a:redhat:build_of_quarkus:*:*:*:*:*:*:*:*
redhatbuild_of_quarkus-cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:text-only:*:*:*
redhatopenshift_application_runtimes1.0cpe:2.3:a:redhat:openshift_application_runtimes:1.0:*:*:*:*:*:*:*
redhatsmallrye_health-cpe:2.3:a:redhat:smallrye_health:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	build_of_quarkus	*	cpe:2.3:a:redhat:build_of_quarkus::::::::
redhat	build_of_quarkus	-	cpe:2.3:a:redhat:build_of_quarkus:-::::text-only:::
redhat	openshift_application_runtimes	1.0	cpe:2.3:a:redhat:openshift_application_runtimes:1.0:::::::*
redhat	smallrye_health	-	cpe:2.3:a:redhat:smallrye_health:-:::::::*

CNA Affected

[
  {
    "product": "smallrye-health",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Not-Known"
      }
    ]
  }
]