Vulnerabilites related to skytable - skytable
CVE-2021-37625 (GCVE-0-2021-37625)
Vulnerability from cvelistv5
Published
2021-08-05 17:15
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.skytable.io/ve/s/00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "skytable",
"vendor": "skytable",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252: Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253: Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T17:15:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.skytable.io/ve/s/00002.html"
}
],
"source": {
"advisory": "GHSA-q27r-h25m-hcc7",
"discovery": "UNKNOWN"
},
"title": "Incorrect Check of Function Return Value in Skytable",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-37625",
"STATE": "PUBLIC",
"TITLE": "Incorrect Check of Function Return Value in Skytable"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "skytable",
"version": {
"version_data": [
{
"version_value": "\u003c 0.6.4"
}
]
}
}
]
},
"vendor_name": "skytable"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-252: Unchecked Return Value"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-253: Incorrect Check of Function Return Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7",
"refsource": "CONFIRM",
"url": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7"
},
{
"name": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d",
"refsource": "MISC",
"url": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d"
},
{
"name": "https://security.skytable.io/ve/s/00002.html",
"refsource": "MISC",
"url": "https://security.skytable.io/ve/s/00002.html"
}
]
},
"source": {
"advisory": "GHSA-q27r-h25m-hcc7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-37625",
"datePublished": "2021-08-05T17:15:09",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32814 (GCVE-0-2021-32814)
Vulnerability from cvelistv5
Published
2021-08-03 16:25
Modified
2024-08-03 23:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.skytable.io/ve/s/00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "skytable",
"vendor": "skytable",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host\u0027s file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-03T16:25:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.skytable.io/ve/s/00001.html"
}
],
"source": {
"advisory": "GHSA-2hj9-cxmc-m4g7",
"discovery": "UNKNOWN"
},
"title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Skytable",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32814",
"STATE": "PUBLIC",
"TITLE": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Skytable"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "skytable",
"version": {
"version_data": [
{
"version_value": "\u003c 0.5.1"
}
]
}
}
]
},
"vendor_name": "skytable"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host\u0027s file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7",
"refsource": "CONFIRM",
"url": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7"
},
{
"name": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e",
"refsource": "MISC",
"url": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e"
},
{
"name": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17",
"refsource": "MISC",
"url": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17"
},
{
"name": "https://security.skytable.io/ve/s/00001.html",
"refsource": "MISC",
"url": "https://security.skytable.io/ve/s/00001.html"
}
]
},
"source": {
"advisory": "GHSA-2hj9-cxmc-m4g7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32814",
"datePublished": "2021-08-03T16:25:12",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-08-05 18:15
Modified
2024-11-21 06:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7 | Third Party Advisory | |
| security-advisories@github.com | https://security.skytable.io/ve/s/00002.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.skytable.io/ve/s/00002.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| skytable | skytable | 0.1.0 | |
| skytable | skytable | 0.2.0 | |
| skytable | skytable | 0.3.0 | |
| skytable | skytable | 0.3.1 | |
| skytable | skytable | 0.3.2 | |
| skytable | skytable | 0.4.0 | |
| skytable | skytable | 0.4.1 | |
| skytable | skytable | 0.4.2 | |
| skytable | skytable | 0.4.3 | |
| skytable | skytable | 0.4.4 | |
| skytable | skytable | 0.4.5 | |
| skytable | skytable | 0.5.0 | |
| skytable | skytable | 0.5.1 | |
| skytable | skytable | 0.5.2 | |
| skytable | skytable | 0.6.0 | |
| skytable | skytable | 0.6.1 | |
| skytable | skytable | 0.6.2 | |
| skytable | skytable | 0.6.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:skytable:skytable:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7A0023-9DCA-437D-BCF7-6E1EA2899E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "790FC927-0EBF-4AE6-A4B4-90310C149DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "129E6A3A-81EB-4584-AE12-1B9A74699747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D48FA2A6-1FDF-4677-8ABF-DF3BE6935284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "001BF079-4783-4197-8D43-367535FAD983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFB2633-7F65-45AA-AC30-461CA771A770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19C54D4B-2164-483C-A9C5-9F60F6B2D512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4431E8E5-BFA8-4DD1-81D1-9A092EE362D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4335E944-F8E7-4C35-9BE9-4007D10B9A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5EDF3B93-D0FA-451D-8DD4-18F7A417A8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C23C9BA7-AC91-4EA8-BAAC-03A545C4E499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C814B-E134-40F4-B2BC-AB7A8D7A04AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "95DF9168-46E2-4A19-A9A2-7A6334FA9C4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "280D42AA-9441-437D-BAC6-73DCA0A7C0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2284DFFE-9C99-4877-886A-E79D7DBD8E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2B7E5F-9305-4FFE-8C15-7D9BC9C514C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE19B368-C086-4575-99E2-F9BEBE7DB161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skytable:skytable:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEFFEC6-4B0A-49FC-BFEF-434E4384763D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm."
},
{
"lang": "es",
"value": "Skytable es una base de datos NoSQL de c\u00f3digo abierto. En versiones anteriores a 0.6.4, una comprobaci\u00f3n incorrecta del valor de retorno de la funci\u00f3n accept en el bucle de ejecuci\u00f3n para un socket TCP/socket TLS/multisocket TCP+TLS causa una salida anticipada del bucle de ejecuci\u00f3n que deber\u00eda continuar infinitamente a menos que sea terminado por un usuario local, causando efectivamente el cierre de todo el servidor de base de datos. Esto presenta un impacto severo y puede ser usado para causar f\u00e1cilmente ataques DoS sin necesidad de usar mucho ancho de banda. Los vectores de ataque incluyen el uso de una conexi\u00f3n TLS incompleta, por ejemplo, no proporcionando el certificado para la conexi\u00f3n, y usando de un paquete TCP especialmente dise\u00f1ado que desencadena el algoritmo de backoff de la capa de aplicaci\u00f3n"
}
],
"id": "CVE-2021-37625",
"lastModified": "2024-11-21T06:15:32.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T18:15:07.443",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security.skytable.io/ve/s/00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security.skytable.io/ve/s/00002.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-252"
},
{
"lang": "en",
"value": "CWE-253"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-252"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-03 17:15
Modified
2024-11-21 06:07
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7 | Third Party Advisory | |
| security-advisories@github.com | https://security.skytable.io/ve/s/00001.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.skytable.io/ve/s/00001.html | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:skytable:skytable:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB4104E6-477A-4B3F-9D87-2F9766EB2FE6",
"versionEndExcluding": "0.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host\u0027s file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading."
},
{
"lang": "es",
"value": "Skytable es una base de datos NoSQL con instant\u00e1neas automatizadas y TLS. Unas versiones anteriores a 0.5.1 son vulnerables a un ataque de salto de directorio que permite a clientes conectados remotamente destruir y/o manipular archivos cr\u00edticos en el sistema de archivos del host. Este bug de seguridad ha sido parcheado en la versi\u00f3n 0.5.1. No hay soluciones conocidas aparte de la actualizaci\u00f3n"
}
],
"id": "CVE-2021-32814",
"lastModified": "2024-11-21T06:07:48.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-03T17:15:12.043",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.skytable.io/ve/s/00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.skytable.io/ve/s/00001.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}