6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.6%
Authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server.
This issue was addressed by improving UpdateConfigCommandHandler
and preventing the use of new lines characters in new configuration values.
Only allow trusted source IP addresses to access to the administration dashboard.
If you have any questions or comments about this advisory, you can contact:
CPE | Name | Operator | Version |
---|---|---|---|
cachethq/cachet | lt | 2.5.1 |
blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection/
github.com/advisories/GHSA-9jxw-cfrh-jxq6
github.com/fiveai/Cachet/commit/6442976c25930cb370c65a22784b9caee7ed1de2
github.com/fiveai/Cachet/releases/tag/v2.5.1
github.com/fiveai/Cachet/security/advisories/GHSA-9jxw-cfrh-jxq6
nvd.nist.gov/vuln/detail/CVE-2021-39172
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.6%