Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-670
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Elastic. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Elastic | Kibana | Kibana versions antérieures à 7.14.1 | ||
Elastic | Elasticsearch | Elasticsearch versions antérieures à 7.14.1 |
References
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Kibana versions ant\u00e9rieures \u00e0 7.14.1", "product": { "name": "Kibana", "vendor": { "name": "Elastic", "scada": false } } }, { "description": "Elasticsearch versions ant\u00e9rieures \u00e0 7.14.1", "product": { "name": "Elasticsearch", "vendor": { "name": "Elastic", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2021-37936", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37936" }, { "name": "CVE-2021-22930", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22930" }, { "name": "CVE-2021-22939", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22939" }, { "name": "CVE-2021-37937", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37937" }, { "name": "CVE-2021-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22150" }, { "name": "CVE-2021-22931", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22931" }, { "name": "CVE-2021-22151", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22151" } ], "initial_release_date": "2021-09-02T00:00:00", "last_revision_date": "2021-09-02T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-670", "revisions": [ { "description": "Version initiale", "revision_date": "2021-09-02T00:00:00.000000" } ], "risks": [ { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nElastic. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une injection\nde code indirecte \u00e0 distance (XSS).\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Elastic du 01 septembre 2021", "url": "https://www.elastic.co/fr/community/security/" } ] }
CVE-2021-22151 (GCVE-0-2021-22151)
Vulnerability from cvelistv5
Published
2023-11-22 00:36
Modified
2024-10-11 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
Summary
It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:37:16.711Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077" }, { "tags": [ "x_transferred" ], "url": "https://www.elastic.co/community/security" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-22151", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T17:51:46.378467Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T18:06:45.178Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Kibana", "vendor": "Elastic", "versions": [ { "lessThan": "7.14.0", "status": "affected", "version": "7.9.0", "versionType": "semver" } ] } ], "datePublic": "2021-09-01T16:10:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension." } ], "value": "It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-22T00:36:51.150Z", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077" }, { "url": "https://www.elastic.co/community/security" } ], "source": { "discovery": "UNKNOWN" }, "title": "Kibana path traversal issue", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2021-22151", "datePublished": "2023-11-22T00:36:51.150Z", "dateReserved": "2021-01-04T20:17:39.860Z", "dateUpdated": "2024-10-11T18:06:45.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-22931 (GCVE-0-2021-22931)
Vulnerability from cvelistv5
Published
2021-08-16 00:00
Modified
2025-04-30 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-170 - Improper Null Termination ()
Summary
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:58:25.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/" }, { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1178337" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210923-0001/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211022-0003/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "GLSA-202401-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-02" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-22931", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-01-11T21:01:01.127709Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-18T21:43:52.191Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Node", "vendor": "NodeJS", "versions": [ { "lessThan": "4.*", "status": "affected", "version": "4.0", "versionType": "semver" }, { "lessThan": "5.*", "status": "affected", "version": "5.0", "versionType": "semver" }, { "lessThan": "6.*", "status": "affected", "version": "6.0", "versionType": "semver" }, { "lessThan": "7.*", "status": "affected", "version": "7.0", "versionType": "semver" }, { "lessThan": "8.*", "status": "affected", "version": "8.0", "versionType": "semver" }, { "lessThan": "9.*", "status": "affected", "version": "9.0", "versionType": "semver" }, { "lessThan": "10.*", "status": "affected", "version": "10.0", "versionType": "semver" }, { "lessThan": "11.*", "status": "affected", "version": "11.0", "versionType": "semver" }, { "lessThan": "12.22.5", "status": "affected", "version": "12.0", "versionType": "semver" }, { "lessThan": "13.*", "status": "affected", "version": "13.0", "versionType": "semver" }, { "lessThan": "14.17.5", "status": "affected", "version": "14.0", "versionType": "semver" }, { "lessThan": "15.*", "status": "affected", "version": "15.0", "versionType": "semver" }, { "lessThan": "16.6.2", "status": "affected", "version": "16.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-170", "description": "Improper Null Termination (CWE-170)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-30T22:24:34.672Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/" }, { "url": "https://hackerone.com/reports/1178337" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "url": "https://security.netapp.com/advisory/ntap-20210923-0001/" }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20211022-0003/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "GLSA-202401-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202401-02" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22931", "datePublished": "2021-08-16T00:00:00", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2025-04-30T22:24:34.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-22930 (GCVE-0-2021-22930)
Vulnerability from cvelistv5
Published
2021-10-07 00:00
Modified
2025-04-30 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:58:26.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1238162" }, { "tags": [ "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211112-0002/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html" }, { "name": "GLSA-202401-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Node", "vendor": "NodeJS", "versions": [ { "lessThan": "4.*", "status": "affected", "version": "4.0", "versionType": "semver" }, { "lessThan": "5.*", "status": "affected", "version": "5.0", "versionType": "semver" }, { "lessThan": "6.*", "status": "affected", "version": "6.0", "versionType": "semver" }, { "lessThan": "7.*", "status": "affected", "version": "7.0", "versionType": "semver" }, { "lessThan": "8.*", "status": "affected", "version": "8.0", "versionType": "semver" }, { "lessThan": "9.*", "status": "affected", "version": "9.0", "versionType": "semver" }, { "lessThan": "10.*", "status": "affected", "version": "10.0", "versionType": "semver" }, { "lessThan": "11.*", "status": "affected", "version": "11.0", "versionType": "semver" }, { "lessThan": "12.22.4", "status": "affected", "version": "12.0", "versionType": "semver" }, { "lessThan": "13.*", "status": "affected", "version": "13.0", "versionType": "semver" }, { "lessThan": "14.17.4", "status": "affected", "version": "14.0", "versionType": "semver" }, { "lessThan": "15.*", "status": "affected", "version": "15.0", "versionType": "semver" }, { "lessThan": "16.6.0", "status": "affected", "version": "16.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free (CWE-416)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-30T22:24:32.104Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1238162" }, { "url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/" }, { "url": "https://security.netapp.com/advisory/ntap-20211112-0002/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html" }, { "name": "GLSA-202401-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202401-02" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22930", "datePublished": "2021-10-07T00:00:00", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2025-04-30T22:24:32.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-37936 (GCVE-0-2021-37936)
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2025-04-29 14:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation
Summary
It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:30:09.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.elastic.co/community/security/" }, { "tags": [ "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-37936", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-29T14:41:25.625879Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-29T14:41:56.213Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Kibana", "vendor": "Elastic", "versions": [ { "status": "affected", "version": "versions before 7.14.1" } ] } ], "descriptions": [ { "lang": "en", "value": "It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-18T00:00:00.000Z", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "url": "https://www.elastic.co/community/security/" }, { "url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077" } ] } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2021-37936", "datePublished": "2022-11-18T00:00:00.000Z", "dateReserved": "2021-08-03T00:00:00.000Z", "dateUpdated": "2025-04-29T14:41:56.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-22939 (GCVE-0-2021-22939)
Vulnerability from cvelistv5
Published
2021-08-16 00:00
Modified
2025-04-30 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation ()
Summary
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
References
URL | Tags | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:58:26.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/" }, { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1278254" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210917-0003/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html" }, { "name": "GLSA-202401-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Node", "vendor": "NodeJS", "versions": [ { "lessThan": "4.*", "status": "affected", "version": "4.0", "versionType": "semver" }, { "lessThan": "5.*", "status": "affected", "version": "5.0", "versionType": "semver" }, { "lessThan": "6.*", "status": "affected", "version": "6.0", "versionType": "semver" }, { "lessThan": "7.*", "status": "affected", "version": "7.0", "versionType": "semver" }, { "lessThan": "8.*", "status": "affected", "version": "8.0", "versionType": "semver" }, { "lessThan": "9.*", "status": "affected", "version": "9.0", "versionType": "semver" }, { "lessThan": "10.*", "status": "affected", "version": "10.0", "versionType": "semver" }, { "lessThan": "11.*", "status": "affected", "version": "11.0", "versionType": "semver" }, { "lessThan": "12.22.5", "status": "affected", "version": "12.0", "versionType": "semver" }, { "lessThan": "13.*", "status": "affected", "version": "13.0", "versionType": "semver" }, { "lessThan": "14.17.5", "status": "affected", "version": "14.0", "versionType": "semver" }, { "lessThan": "15.*", "status": "affected", "version": "15.0", "versionType": "semver" }, { "lessThan": "16.6.2", "status": "affected", "version": "16.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "If the Node.js https API was used incorrectly and \"undefined\" was in passed for the \"rejectUnauthorized\" parameter, no error was returned and connections to servers with an expired certificate would have been accepted." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "Improper Certificate Validation (CWE-295)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-30T22:24:36.404Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/" }, { "url": "https://hackerone.com/reports/1278254" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "url": "https://security.netapp.com/advisory/ntap-20210917-0003/" }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html" }, { "name": "GLSA-202401-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202401-02" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22939", "datePublished": "2021-08-16T00:00:00", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2025-04-30T22:24:36.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-22150 (GCVE-0-2021-22150)
Vulnerability from cvelistv5
Published
2023-11-22 00:30
Modified
2024-12-02 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code
Summary
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:37:18.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077" }, { "tags": [ "x_transferred" ], "url": "https://www.elastic.co/community/security" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-22150", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-02T20:33:16.905309Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-02T20:33:49.277Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Kibana", "vendor": "Elastic", "versions": [ { "lessThan": "7.14.0", "status": "affected", "version": "7.10.2", "versionType": "semver" } ] } ], "datePublic": "2021-09-01T16:10:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.\u003cbr\u003e" } ], "value": "It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-22T00:30:56.115Z", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077" }, { "url": "https://www.elastic.co/community/security" } ], "source": { "discovery": "UNKNOWN" }, "title": "Kibana code execution issue", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2021-22150", "datePublished": "2023-11-22T00:30:56.115Z", "dateReserved": "2021-01-04T20:17:39.859Z", "dateUpdated": "2024-12-02T20:33:49.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-37937 (GCVE-0-2021-37937)
Vulnerability from cvelistv5
Published
2023-11-22 01:45
Modified
2024-08-04 01:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Elastic | Elasticsearch |
Version: 7.13.0 ≤ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:30:08.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077" }, { "tags": [ "x_transferred" ], "url": "https://www.elastic.co/community/security" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Elasticsearch", "vendor": "Elastic", "versions": [ { "lessThan": "7.14.0", "status": "affected", "version": "7.13.0", "versionType": "semver" } ] } ], "datePublic": "2021-09-01T16:10:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user." } ], "value": "An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-22T01:45:21.008Z", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077" }, { "url": "https://www.elastic.co/community/security" } ], "source": { "discovery": "UNKNOWN" }, "title": "Elasticsearch privilege escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2021-37937", "datePublished": "2023-11-22T01:45:21.008Z", "dateReserved": "2021-08-03T20:49:52.461Z", "dateUpdated": "2024-08-04T01:30:08.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…