Lucene search

[email protected]CVE-2021-33831

HistorySep 07, 2021 - 6:15 a.m.

CVE-2021-33831

2021-09-0706:15:00

CWE-770

[email protected]

web.nvd.nist.gov

cve-2021-33831

th wildau

covid-19

contact tracing

access control

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.6%

JSON

api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds.

CPENameOperatorVersion
th-wildau:covid-19_contact_tracingth-wildau covid-19 contact tracingle2021-09-01

CPE	Name	Operator	Version
th-wildau:covid-19_contact_tracing	th-wildau covid-19 contact tracing	le	2021-09-01

References

github.com/lanmarc77/CVE-2021-33831

www.th-wildau.de/studieren-weiterbilden/neuigkeiten-und-veranstaltungen/corona/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for CVE-2021-33831

prion1 githubexploit1