Lucene search

DIVDCVE-2021-42079

HistoryJul 10, 2023 - 4:15 p.m.

CVE-2021-42079

2023-07-1016:15:47

CWE-918

DIVD

web.nvd.nist.gov

cve-2021-42079

authenticated

administrator

alert

ssrf

post requests

nvd

CVSS3

6.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.

Affected configurations

Nvd

Node

osnexusquantastorRange<6.0.0.355

VendorProductVersionCPE
osnexusquantastor*cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
osnexus	quantastor	*	cpe:2.3:a:osnexus:quantastor::::::::

CNA Affected

[
  {
    "collectionURL": "https://www.osnexus.com/downloads",
    "defaultStatus": "unknown",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "QuantaStor",
    "vendor": "OSNEXUS",
    "versions": [
      {
        "lessThan": "6.0.0.355",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

csirt.divd.nl/CVE-2021-42079

www.divd.nl/DIVD-2021-00020

www.osnexus.com/products/software-defined-storage

www.wbsec.nl/osnexus

CVSS3

6.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

Related for CVE-2021-42079