3 matches found
Cachet 2.4: Code Execution via Laravel Configuration Injection
Status pages are now an essential service offered by all Software-as-a-Service companies we do it too!. To help their adoption, startups quickly conceived status pages as-a-service, and open-source self-hosted alternatives were made available. Cachet, also sometimes referred to as CachetHQ, is a...
CVE-2021-39173
CVE-2021-39173 affects Cachet (PHP-based open source status page) and describes a vulnerability where, before version 2.5.1, authenticated users could trigger a reinstall through the setup flow, potentially enabling arbitrary code execution on the server. The underlying issue stemmed from a lack ...
CVE-2021-39173 Forced reinstall
Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...