Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-43828
HistoryDec 14, 2021 - 8:15 p.m.

CVE-2021-43828

2021-12-1420:15:07
Google
osv.dev
2
patrowl
privilege management
unlogged in users
download
import files
security operations
update

AI Score

6.8

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON

PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/<owner_id>/<tmp_file> In that, owner_id is predictable and tmp_file is in format of import_<ownder_id>_<time_created>, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files This vulnerability is capable of allowing unlogged in users to download all finding imports file. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds.

Related

cnvd 1
prion 1
nvd 1
cve 1
cvelist 1
cnvd
cnvd
PatrOwl privilege management error vulnerability
2021-12-16 00:00:00
prion
prion
Design/Logic Flaw
2021-12-14 20:15:00
nvd
nvd
CVE-2021-43828
2021-12-14 20:15:07
cve
cve
CVE-2021-43828
2021-12-14 20:15:07
cvelist
cvelist
CVE-2021-43828 Improper Privilege Management in Patrowl
2021-12-14 19:20:17

AI Score

6.8

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON
Related for OSV:CVE-2021-43828
cnvd1prion1nvd1cve1cvelist1