Lucene search

@huntrdevCVELIST:CVE-2021-3797

HistorySep 15, 2021 - 1:05 p.m.

CVE-2021-3797 Use of Wrong Operator in String Comparison in hestiacp/hestiacp

2021-09-1513:05:11

CWE-597

@huntrdev

www.cve.org

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

hestiacp is vulnerable to Use of Wrong Operator in String Comparison

CNA Affected

[
  {
    "product": "hestiacp/hestiacp",
    "vendor": "hestiacp",
    "versions": [
      {
        "lessThanOrEqual": "1.4.13",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/hestiacp/hestiacp/commit/fc68baff4f94b59e38316f886d0ce47d337042f7

huntr.dev/bounties/c24fb15c-3c84-45c8-af04-a660f8da388f

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Related for CVELIST:CVE-2021-3797