Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-21276
HistoryFeb 01, 2021 - 3:15 p.m.

CVE-2021-21276

2021-02-0115:15:13
CWE-863
[email protected]
web.nvd.nist.gov
15
7
polr
open source
url shortener
vulnerability
setup
admin access
cve-2021-21276
security fix
patch

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

9.1 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.0%

JSON

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users’ settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.

Affected configurations

Vulners
NVD
Node
cydroboltpolrRange<2.3.0

CNA Affected

[
  {
    "vendor": "cydrobolt",
    "product": "polr",
    "versions": [
      {
        "version": "< 2.3.0",
        "status": "affected"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
zdt 1
osv 1
nvd 1
packetstorm 1
prion 1
exploitdb 1
cvelist
cvelist
CVE-2021-21276 Privilege escalation in Polr
2021-02-01 00:00:00
zdt
zdt
POLR URL 2.3.0 - Shortener Admin Account Takeover Exploit
2023-04-06 00:00:00
osv
osv
CVE-2021-21276
2021-02-01 15:15:13
nvd
nvd
CVE-2021-21276
2021-02-01 15:15:13
packetstorm
packetstorm
POLR URL 2.3.0 Shortener Admin Takeover
2023-04-06 00:00:00
prion
prion
Code injection
2021-02-01 15:15:00
exploitdb
exploitdb
POLR URL 2.3.0 - Shortener Admin Takeover
2023-04-06 00:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

9.1 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.0%

JSON
Related for CVE-2021-21276
cvelist1zdt1osv1nvd1packetstorm1prion1exploitdb1