HIGH🇬🇧 English

CVE-2021-42559

CVSS 8.8v3.1pub. 2022-01-12upd. 2024-11-21

An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Mitre Caldera

    APP
    Mitre
    ≤ 2.8.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-42560HIGH8.8ten sam produkt

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when gen...

CVE-2021-42562HIGH8.1ten sam produkt

An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-adm...

CVE-2021-42561HIGH8.8ten sam produkt

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name paramet...

CVE-2020-19907HIGH8.8ten sam produkt

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated atta...

CVE-2022-41139MEDIUM5.4ten sam produkt

MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading...