Caldera Security Vulnerabilities and Issues — Caldera CVE List

Lucene search

MitreCaldera

4 matches found

CVE•added 2022/01/12 7:15 p.m.•41 views

CVE-2021-42562

An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users.

8.1CVSS7.8AI score0.00882EPSS

CVE•added 2022/01/12 8:15 p.m.•40 views

CVE-2021-42559

An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.

8.8CVSS8.8AI score0.02989EPSS

CVE•added 2022/01/12 7:15 p.m.•34 views

CVE-2021-42560

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltrati...

8.8CVSS8.6AI score0.10351EPSS

CVE•added 2021/07/12 8:15 p.m.•33 views

CVE-2020-19907

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.

8.8CVSS8.8AI score0.04201EPSS