Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-R67M-M8C7-JP83
HistoryAug 30, 2021 - 4:11 p.m.

Cachet vulnerable to forced reinstall

2021-08-3016:11:33
Google
osv.dev
23

0.005 Low

EPSS

Percentile

76.4%

JSON

Impact

Authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server.

Patches

This issue was addressed by improving the middleware ReadyForUse, which now performs a stricter validation of the instance name.

Workarounds

Only allow trusted source IP addresses to access to the administration dashboard.

References

For more information

If you have any questions or comments about this advisory, you can contact:

  • The original reporters, by sending an email to vulnerability.research [at] sonarsource.com;
  • The maintainers, by opening an issue on this repository.

Related

prion 1
cve 1
osv 1
github 1
cvelist 1
nvd 1
sonarsource 1
prion
prion
Input validation
2021-08-27 23:15:00
cve
cve
CVE-2021-39173
2021-08-27 23:15:06
osv
osv
CVE-2021-39173
2021-08-27 23:15:06
github
github
Cachet vulnerable to forced reinstall
2021-08-30 16:11:33
cvelist
cvelist
CVE-2021-39173 Forced reinstall
2021-08-27 23:00:09
nvd
nvd
CVE-2021-39173
2021-08-27 23:15:06
sonarsource
sonarsource
Cachet 2.4: Code Execution via Laravel Configuration Injection
2021-09-21 00:00:00

0.005 Low

EPSS

Percentile

76.4%

JSON
Related for OSV:GHSA-R67M-M8C7-JP83
prion1cve1osv1github1cvelist1nvd1sonarsource1