{"vulnerability": "CVE-2021-4180", "sightings": [{"uuid": "d88f8771-4a2e-4273-885c-791867aa6311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41803", "type": "seen", "source": "https://t.me/cibsecurity/50297", "content": "\u203c CVE-2021-41803 \u203c\n\nHashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T07:12:55.000000Z"}, {"uuid": "d094748e-6c63-415a-8321-220e32ba0709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41805", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9750", "content": "GitHub monitoring notification!!! \n\nUpdated: RCE\nDescription: A proof-of-concept for CVE-2021-41805 which is a vulnerability in HashiCorp Consul Enterprise allowing for Remote Code Execution (RCE).\nURL: https://github.com/acfirthh/CVE-2021-41805\n\nTags: #RCE", "creation_timestamp": "2025-01-07T22:46:03.000000Z"}, {"uuid": "f88d05c1-469f-48c8-816f-b83ad6670a2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4180", "type": "seen", "source": "https://t.me/cibsecurity/39451", "content": "\u203c CVE-2021-4180 \u203c\n\nAn information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. 
This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-23T23:29:10.000000Z"}, {"uuid": "a2ffa53c-f032-4e7d-989b-c67fab700711", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41809", "type": "seen", "source": "https://t.me/cibsecurity/35723", "content": "\u203c CVE-2021-41809 \u203c\n\nSSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-18T20:24:57.000000Z"}, {"uuid": "ff77de46-9f34-4a14-8478-2234313938be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41807", "type": "seen", "source": "https://t.me/cibsecurity/35715", "content": "\u203c CVE-2021-41807 \u203c\n\nLack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-18T20:24:48.000000Z"}, {"uuid": "75a3e41b-58d6-41c4-be17-1d44c7e30cff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41802", "type": "seen", "source": "https://t.me/cibsecurity/30255", "content": "\u203c CVE-2021-41802 \u203c\n\nHashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias 
ID sharing a mount accessor with another user to acquire this other user\u2019s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T20:40:22.000000Z"}]}