Lucene search

DIVDCVELIST:CVE-2021-42079

HistoryJul 10, 2023 - 6:29 a.m.

CVE-2021-42079 SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355

2023-07-1006:29:48

CWE-918

DIVD

www.cve.org

ssrf

osnexus quantastor

authenticated admin

alert preparation

post requests

version 6.0.0.355

6.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.1%

JSON

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.

CNA Affected

[
  {
    "vendor": "OSNEXUS",
    "product": "QuantaStor",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "collectionURL": "https://www.osnexus.com/downloads",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "6.0.0.355",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

csirt.divd.nl/CVE-2021-42079

www.divd.nl/DIVD-2021-00020

www.osnexus.com/products/software-defined-storage

www.wbsec.nl/osnexus

6.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.1%

JSON

Related for CVELIST:CVE-2021-42079