3 matches found
CVE-2021-42009
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address...
CVE-2021-42009
The CVE covers Apache Traffic Control Traffic Ops: an authenticated portal-level user can submit a crafted email subject to the /deliveryservices/request endpoint, causing the Traffic Ops server to send an email with an arbitrary body to any address. This is a server-side email relay/injection ri...
CVE-2021-42009 Apache Traffic Control Traffic Ops Email Injection Vulnerability
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address...