CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.
CVE-2015-10003 (GCVE-0-2015-10003)
Vulnerability from cvelistv5
Published
2022-07-17 06:35
Modified
2025-04-15 14:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-441 - Unintended Intermediary
Summary
A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FileZilla | Server |
Version: 0.9.0 Version: 0.9.1 Version: 0.9.2 Version: 0.9.3 Version: 0.9.4 Version: 0.9.5 Version: 0.9.6 Version: 0.9.7 Version: 0.9.8 Version: 0.9.9 Version: 0.9.10 Version: 0.9.11 Version: 0.9.12 Version: 0.9.13 Version: 0.9.14 Version: 0.9.15 Version: 0.9.16 Version: 0.9.17 Version: 0.9.18 Version: 0.9.19 Version: 0.9.20 Version: 0.9.21 Version: 0.9.22 Version: 0.9.23 Version: 0.9.24 Version: 0.9.25 Version: 0.9.26 Version: 0.9.27 Version: 0.9.28 Version: 0.9.29 Version: 0.9.30 Version: 0.9.31 Version: 0.9.32 Version: 0.9.33 Version: 0.9.34 Version: 0.9.35 Version: 0.9.36 Version: 0.9.37 Version: 0.9.38 Version: 0.9.39 Version: 0.9.40 Version: 0.9.41 Version: 0.9.42 Version: 0.9.43 Version: 0.9.44 Version: 0.9.45 Version: 0.9.46 Version: 0.9.47 Version: 0.9.48 Version: 0.9.49 Version: 0.9.50 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:24.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.97203"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2015-10003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:12:25.035988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:04:51.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Server",
"vendor": "FileZilla",
"versions": [
{
"status": "affected",
"version": "0.9.0"
},
{
"status": "affected",
"version": "0.9.1"
},
{
"status": "affected",
"version": "0.9.2"
},
{
"status": "affected",
"version": "0.9.3"
},
{
"status": "affected",
"version": "0.9.4"
},
{
"status": "affected",
"version": "0.9.5"
},
{
"status": "affected",
"version": "0.9.6"
},
{
"status": "affected",
"version": "0.9.7"
},
{
"status": "affected",
"version": "0.9.8"
},
{
"status": "affected",
"version": "0.9.9"
},
{
"status": "affected",
"version": "0.9.10"
},
{
"status": "affected",
"version": "0.9.11"
},
{
"status": "affected",
"version": "0.9.12"
},
{
"status": "affected",
"version": "0.9.13"
},
{
"status": "affected",
"version": "0.9.14"
},
{
"status": "affected",
"version": "0.9.15"
},
{
"status": "affected",
"version": "0.9.16"
},
{
"status": "affected",
"version": "0.9.17"
},
{
"status": "affected",
"version": "0.9.18"
},
{
"status": "affected",
"version": "0.9.19"
},
{
"status": "affected",
"version": "0.9.20"
},
{
"status": "affected",
"version": "0.9.21"
},
{
"status": "affected",
"version": "0.9.22"
},
{
"status": "affected",
"version": "0.9.23"
},
{
"status": "affected",
"version": "0.9.24"
},
{
"status": "affected",
"version": "0.9.25"
},
{
"status": "affected",
"version": "0.9.26"
},
{
"status": "affected",
"version": "0.9.27"
},
{
"status": "affected",
"version": "0.9.28"
},
{
"status": "affected",
"version": "0.9.29"
},
{
"status": "affected",
"version": "0.9.30"
},
{
"status": "affected",
"version": "0.9.31"
},
{
"status": "affected",
"version": "0.9.32"
},
{
"status": "affected",
"version": "0.9.33"
},
{
"status": "affected",
"version": "0.9.34"
},
{
"status": "affected",
"version": "0.9.35"
},
{
"status": "affected",
"version": "0.9.36"
},
{
"status": "affected",
"version": "0.9.37"
},
{
"status": "affected",
"version": "0.9.38"
},
{
"status": "affected",
"version": "0.9.39"
},
{
"status": "affected",
"version": "0.9.40"
},
{
"status": "affected",
"version": "0.9.41"
},
{
"status": "affected",
"version": "0.9.42"
},
{
"status": "affected",
"version": "0.9.43"
},
{
"status": "affected",
"version": "0.9.44"
},
{
"status": "affected",
"version": "0.9.45"
},
{
"status": "affected",
"version": "0.9.46"
},
{
"status": "affected",
"version": "0.9.47"
},
{
"status": "affected",
"version": "0.9.48"
},
{
"status": "affected",
"version": "0.9.49"
},
{
"status": "affected",
"version": "0.9.50"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amit Klein"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-17T06:35:12.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.97203"
}
],
"title": "FileZilla Server PORT confused deputy",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2015-10003",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "FileZilla Server PORT confused deputy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Server",
"version": {
"version_data": [
{
"version_value": "0.9.0"
},
{
"version_value": "0.9.1"
},
{
"version_value": "0.9.2"
},
{
"version_value": "0.9.3"
},
{
"version_value": "0.9.4"
},
{
"version_value": "0.9.5"
},
{
"version_value": "0.9.6"
},
{
"version_value": "0.9.7"
},
{
"version_value": "0.9.8"
},
{
"version_value": "0.9.9"
},
{
"version_value": "0.9.10"
},
{
"version_value": "0.9.11"
},
{
"version_value": "0.9.12"
},
{
"version_value": "0.9.13"
},
{
"version_value": "0.9.14"
},
{
"version_value": "0.9.15"
},
{
"version_value": "0.9.16"
},
{
"version_value": "0.9.17"
},
{
"version_value": "0.9.18"
},
{
"version_value": "0.9.19"
},
{
"version_value": "0.9.20"
},
{
"version_value": "0.9.21"
},
{
"version_value": "0.9.22"
},
{
"version_value": "0.9.23"
},
{
"version_value": "0.9.24"
},
{
"version_value": "0.9.25"
},
{
"version_value": "0.9.26"
},
{
"version_value": "0.9.27"
},
{
"version_value": "0.9.28"
},
{
"version_value": "0.9.29"
},
{
"version_value": "0.9.30"
},
{
"version_value": "0.9.31"
},
{
"version_value": "0.9.32"
},
{
"version_value": "0.9.33"
},
{
"version_value": "0.9.34"
},
{
"version_value": "0.9.35"
},
{
"version_value": "0.9.36"
},
{
"version_value": "0.9.37"
},
{
"version_value": "0.9.38"
},
{
"version_value": "0.9.39"
},
{
"version_value": "0.9.40"
},
{
"version_value": "0.9.41"
},
{
"version_value": "0.9.42"
},
{
"version_value": "0.9.43"
},
{
"version_value": "0.9.44"
},
{
"version_value": "0.9.45"
},
{
"version_value": "0.9.46"
},
{
"version_value": "0.9.47"
},
{
"version_value": "0.9.48"
},
{
"version_value": "0.9.49"
},
{
"version_value": "0.9.50"
}
]
}
}
]
},
"vendor_name": "FileZilla"
}
]
}
},
"credit": "Amit Klein",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory",
"refsource": "MISC",
"url": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory"
},
{
"name": "https://vuldb.com/?id.97203",
"refsource": "MISC",
"url": "https://vuldb.com/?id.97203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10003",
"datePublished": "2022-07-17T06:35:12.000Z",
"dateReserved": "2022-07-16T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:04:51.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1841 (GCVE-0-2019-1841)
Vulnerability from cvelistv5
Published
2019-04-18 01:30
Modified
2024-11-20 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: unspecified < DNAC1.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190417 Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-swim-proxy"
},
{
"name": "108084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108084"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:55:21.818957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:24:21.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"lessThan": "DNAC1.2.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T06:06:06",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190417 Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-swim-proxy"
},
{
"name": "108084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108084"
}
],
"source": {
"advisory": "cisco-sa-20190417-swim-proxy",
"defect": [
[
"CSCvj93985"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-04-17T16:00:00-0700",
"ID": "CVE-2019-1841",
"STATE": "PUBLIC",
"TITLE": "Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Digital Network Architecture Center (DNA Center)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "DNAC1.2.5"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190417 Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-swim-proxy"
},
{
"name": "108084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108084"
}
]
},
"source": {
"advisory": "cisco-sa-20190417-swim-proxy",
"defect": [
[
"CSCvj93985"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1841",
"datePublished": "2019-04-18T01:30:15.530870Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-20T17:24:21.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3924 (GCVE-0-2019-3924)
Vulnerability from cvelistv5
Published
2019-02-20 20:00
Modified
2024-09-17 02:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-441 - Unauthenticated Intermediary
Summary
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenable | MikroTik RouterOS |
Version: RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46444",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"name": "107177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "Tenable",
"versions": [
{
"status": "affected",
"version": "RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below"
}
]
}
],
"datePublic": "2019-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unauthenticated Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-05T10:57:02",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "46444",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"name": "107177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2019-02-12T00:00:00",
"ID": "CVE-2019-3924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below"
}
]
}
}
]
},
"vendor_name": "Tenable"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unauthenticated Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46444",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"name": "https://www.tenable.com/security/research/tra-2019-07",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"name": "107177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3924",
"datePublished": "2019-02-20T20:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:46:52.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3996 (GCVE-0-2019-3996)
Vulnerability from cvelistv5
Published
2019-12-17 21:59
Modified
2024-08-04 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-441 - Unintended Proxy
Summary
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-53"
},
{
"name": "FEDORA-2020-9f8bc040c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/"
},
{
"name": "FEDORA-2020-f49fe7f011",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ELOG",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ELOG 3.1.4-57bea22 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-25T08:06:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-53"
},
{
"name": "FEDORA-2020-9f8bc040c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/"
},
{
"name": "FEDORA-2020-f49fe7f011",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ELOG",
"version": {
"version_data": [
{
"version_value": "ELOG 3.1.4-57bea22 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Proxy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-53",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-53"
},
{
"name": "FEDORA-2020-9f8bc040c8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/"
},
{
"name": "FEDORA-2020-f49fe7f011",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3996",
"datePublished": "2019-12-17T21:59:22",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26262 (GCVE-0-2020-26262)
Vulnerability from cvelistv5
Published
2021-01-13 18:15
Modified
2024-08-04 15:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48"
},
{
"name": "FEDORA-2021-dee141fc61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G54UIUFTEC6RLPOISMB6FUW7456SBZC4/"
},
{
"name": "FEDORA-2021-32d0068851",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4CJOPAQT43MYAFU3UROGLEXN3Z6RS4H/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coturn",
"vendor": "coturn",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T02:06:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48"
},
{
"name": "FEDORA-2021-dee141fc61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G54UIUFTEC6RLPOISMB6FUW7456SBZC4/"
},
{
"name": "FEDORA-2021-32d0068851",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4CJOPAQT43MYAFU3UROGLEXN3Z6RS4H/"
}
],
"source": {
"advisory": "GHSA-6g6j-r9rf-cm7p",
"discovery": "UNKNOWN"
},
"title": "Loopback bypass in Coturn",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26262",
"STATE": "PUBLIC",
"TITLE": "Loopback bypass in Coturn"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coturn",
"version": {
"version_data": [
{
"version_value": "\u003c 4.5.2"
}
]
}
}
]
},
"vendor_name": "coturn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-682 Incorrect Calculation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p",
"refsource": "CONFIRM",
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
},
{
"name": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d",
"refsource": "MISC",
"url": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d"
},
{
"name": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48",
"refsource": "MISC",
"url": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48"
},
{
"name": "FEDORA-2021-dee141fc61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G54UIUFTEC6RLPOISMB6FUW7456SBZC4/"
},
{
"name": "FEDORA-2021-32d0068851",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4CJOPAQT43MYAFU3UROGLEXN3Z6RS4H/"
}
]
},
"source": {
"advisory": "GHSA-6g6j-r9rf-cm7p",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26262",
"datePublished": "2021-01-13T18:15:17",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:03.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5412 (GCVE-0-2020-5412)
Vulnerability from cvelistv5
Published
2020-08-07 20:45
Modified
2024-09-16 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-441 - Unintended Proxy or Intermediary
Summary
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring by VMware | Spring Cloud Netflix |
Version: 2.2 < 2.2.4 Version: 2.1 < 2.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Cloud Netflix",
"vendor": "Spring by VMware",
"versions": [
{
"lessThan": "2.2.4",
"status": "affected",
"version": "2.2",
"versionType": "custom"
},
{
"lessThan": "2.1.6",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-07T20:45:13",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5412"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-08-05T00:00:00.000Z",
"ID": "CVE-2020-5412",
"STATE": "PUBLIC",
"TITLE": "Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Cloud Netflix",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.2",
"version_value": "2.2.4"
},
{
"version_affected": "\u003c",
"version_name": "2.1",
"version_value": "2.1.6"
}
]
}
}
]
},
"vendor_name": "Spring by VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly."
}
]
},
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441: Unintended Proxy or Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2020-5412",
"refsource": "CONFIRM",
"url": "https://tanzu.vmware.com/security/cve-2020-5412"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5412",
"datePublished": "2020-08-07T20:45:13.154243Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:24:52.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8561 (GCVE-0-2020-8561)
Vulnerability from cvelistv5
Published
2021-09-20 17:05
Modified
2024-09-16 22:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-441 - Unintended Proxy or Intermediary
Summary
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/104720"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.20.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.20.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.21.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.21.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.22.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.22.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "QiQi Xu"
}
],
"datePublic": "2021-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-14T08:06:21",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/104720"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0002/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/104720"
],
"discovery": "EXTERNAL"
},
"title": "Webhook redirect in kube-apiserver",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-09-15T21:15:00.000Z",
"ID": "CVE-2020-8561",
"STATE": "PUBLIC",
"TITLE": "Webhook redirect in kube-apiserver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.20.11"
},
{
"version_affected": "\u003e?",
"version_value": "1.20.11"
},
{
"version_affected": "\u003c=",
"version_value": "1.21.5"
},
{
"version_affected": "\u003e?",
"version_value": "1.21.5"
},
{
"version_affected": "\u003c=",
"version_value": "1.22.2"
},
{
"version_affected": "\u003e?",
"version_value": "1.22.2"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "QiQi Xu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Proxy or Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/104720",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/104720"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211014-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211014-0002/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/104720"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8561",
"datePublished": "2021-09-20T17:05:16.328714Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-16T22:29:49.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20042 (GCVE-0-2021-20042)
Vulnerability from cvelistv5
Published
2021-12-08 09:55
Modified
2024-08-03 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
Summary
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SonicWall | SonicWall SMA100 |
Version: 9.0.0.11-31sv and earlier Version: 10.2.0.8-37sv and earlier Version: 10.2.1.1-19sv and earlier Version: 10.2.1.2-24sv and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicWall SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "9.0.0.11-31sv and earlier"
},
{
"status": "affected",
"version": "10.2.0.8-37sv and earlier"
},
{
"status": "affected",
"version": "10.2.1.1-19sv and earlier"
},
{
"status": "affected",
"version": "10.2.1.2-24sv and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-08T09:55:25",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2021-20042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicWall SMA100",
"version": {
"version_data": [
{
"version_value": "9.0.0.11-31sv and earlier"
},
{
"version_value": "10.2.0.8-37sv and earlier"
},
{
"version_value": "10.2.1.1-19sv and earlier"
},
{
"version_value": "10.2.1.2-24sv and earlier"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2021-20042",
"datePublished": "2021-12-08T09:55:25",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25740 (GCVE-0-2021-25740)
Vulnerability from cvelistv5
Published
2021-09-20 17:05
Modified
2024-09-16 19:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-441 - Unintended Proxy or Intermediary
Summary
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/103675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.20.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.20.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.21.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.21.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.22.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.22.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rob Scott"
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-14T08:06:14",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/103675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0001/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/103675"
],
"discovery": "EXTERNAL"
},
"title": "Holes in EndpointSlice Validation Enable Host Network Hijack",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-07-14T21:23:00.000Z",
"ID": "CVE-2021-25740",
"STATE": "PUBLIC",
"TITLE": "Holes in EndpointSlice Validation Enable Host Network Hijack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.20.11"
},
{
"version_affected": "\u003e?",
"version_value": "1.20.11"
},
{
"version_affected": "\u003c=",
"version_value": "1.21.5"
},
{
"version_affected": "\u003e?",
"version_value": "1.21.5"
},
{
"version_affected": "\u003c=",
"version_value": "1.22.2"
},
{
"version_affected": "\u003e?",
"version_value": "1.22.2"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rob Scott"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Proxy or Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/103675",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/103675"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211014-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211014-0001/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/103675"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25740",
"datePublished": "2021-09-20T17:05:18.065542Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-16T19:30:45.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32773 (GCVE-0-2021-32773)
Vulnerability from cvelistv5
Published
2021-07-19 23:55
Modified
2024-08-03 23:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
Summary
Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow system functions to be controlled by the attacker, giving access to facilities intended to be restricted. This problem is fixed in Racket version 8.2. A workaround is available, depending on system settings. For systems that provide arbitrary Racket evaluation, external sandboxing such as containers limit the impact of the problem. For multi-user evaluation systems, such as the `handin-server` system, it is not possible to work around this problem and upgrading is required.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/racket/racket/commit/6ca4ffeca1e5877d44f835760ad89f18488d97e1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "racket",
"vendor": "racket",
"versions": [
{
"status": "affected",
"version": "\u003c 8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow system functions to be controlled by the attacker, giving access to facilities intended to be restricted. This problem is fixed in Racket version 8.2. A workaround is available, depending on system settings. For systems that provide arbitrary Racket evaluation, external sandboxing such as containers limit the impact of the problem. For multi-user evaluation systems, such as the `handin-server` system, it is not possible to work around this problem and upgrading is required."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T23:55:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/racket/racket/commit/6ca4ffeca1e5877d44f835760ad89f18488d97e1"
}
],
"source": {
"advisory": "GHSA-cgrw-p7p7-937c",
"discovery": "UNKNOWN"
},
"title": "Confused deputy attack in sandbox module resolution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32773",
"STATE": "PUBLIC",
"TITLE": "Confused deputy attack in sandbox module resolution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "racket",
"version": {
"version_data": [
{
"version_value": "\u003c 8.2"
}
]
}
}
]
},
"vendor_name": "racket"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow system functions to be controlled by the attacker, giving access to facilities intended to be restricted. This problem is fixed in Racket version 8.2. A workaround is available, depending on system settings. For systems that provide arbitrary Racket evaluation, external sandboxing such as containers limit the impact of the problem. For multi-user evaluation systems, such as the `handin-server` system, it is not possible to work around this problem and upgrading is required."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c",
"refsource": "CONFIRM",
"url": "https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c"
},
{
"name": "https://github.com/racket/racket/commit/6ca4ffeca1e5877d44f835760ad89f18488d97e1",
"refsource": "MISC",
"url": "https://github.com/racket/racket/commit/6ca4ffeca1e5877d44f835760ad89f18488d97e1"
}
]
},
"source": {
"advisory": "GHSA-cgrw-p7p7-937c",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32773",
"datePublished": "2021-07-19T23:55:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Enforce the use of strong mutual authentication mechanism between the two parties.
Mitigation
Phase: Architecture and Design
Description:
- Whenever a product is an intermediary or proxy for transactions between two other components, the proxy core should not drop the identity of the initiator of the transaction. The immutability of the identity of the initiator must be maintained and should be forwarded all the way to the target.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.
CAPEC-465: Transparent Proxy Abuse
A transparent proxy serves as an intermediate between the client and the internet at large. It intercepts all requests originating from the client and forwards them to the correct location. The proxy also intercepts all responses to the client and forwards these to the client. All of this is done in a manner transparent to the client.