Lucene search
China National Vulnerability DatabaseCNVD-2021-102868HistoryAug 17, 2021 - 12:00 a.m.
Microsoft OneFuzz has an unspecified vulnerability
2021-08-1700:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
microsoft onefuzz
authorization check
security vulnerability
azure computing resources
unauthorized code execution
EPSS
0.007
Percentile
80.7%
Microsoft OneFuzz is a cross-platform, free and open source fuzz testing framework from Microsoft Corporation (Microsoft).A security vulnerability exists in Microsoft OneFuzz versions 2.12.0 through 2.31.0, which stems from an incomplete authorization check in the affected product versions, which can be invoked by any authenticated user through the Authorization interface calls, read and write access to private data, and can tamper with existing data as well as in Azure computing resources, and an attacker can use the vulnerability to execute unauthorized code.
Related
osv
osv
CVE-2021-37705
2021-08-13 21:15:06
PYSEC-2021-344
2021-08-13 21:15:00
Improper Authorization and Origin Validation Error in OneFuzz
2021-08-13 20:16:32
prion
prion
Authorization
2021-08-13 21:15:00
nvd
nvd
CVE-2021-37705
2021-08-13 21:15:06
veracode
veracode
Privilege Escalation
2021-08-16 04:39:57
cvelist
cvelist
CVE-2021-37705 Improper Authorization and Origin Validation Error in OneFuzz
2021-08-13 20:15:11
github
github
Improper Authorization and Origin Validation Error in OneFuzz
2021-08-13 20:16:32
cve
cve
CVE-2021-37705
2021-08-13 21:15:06