Lucene search

GoogleOSV:CVE-2021-36711

HistoryJul 16, 2022 - 5:15 p.m.

CVE-2021-36711

2022-07-1617:15:08

Google

osv.dev

webinterface

remote code execution

cve-2021-36711

tentacles upload

octobot

software

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.817

Percentile

98.4%

JSON

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.

References

packetstormsecurity.com/files/167780/OctoBot-WebInterface-0.4.3-Remote-Code-Execution.html

github.com/Drakkar-Software/OctoBot/blob/master/CHANGELOG.md

github.com/Drakkar-Software/OctoBot/issues/1966

github.com/Nwqda/Sashimi-Evil-OctoBot-Tentacle

packetstormsecurity.com/files/167721/Sashimi-Evil-OctoBot-Tentacle.html

www.octobot.online/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.817

Percentile

98.4%

JSON

Related for OSV:CVE-2021-36711