Lucene search

Veracode Vulnerability DatabaseVERACODE:41441

HistoryJul 21, 2023 - 9:14 a.m.

Denial Of Service (DoS)

2023-07-2109:14:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

12.5%

JSON

ethyca_fides is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a lack of validation in the template upload feature, which allows an attacker with with the CONNECTOR_TEMPLATE_REGISTER scope to upload a malicious zip bomb file, causing the fides webserver to run out of resources and become unavailable to all users.

CPENameOperatorVersion
ethyca-fidesle2.15.2b0
ethyca-fidesle2.15.2b0

CPE	Name	Operator	Version
	ethyca-fides	le	2.15.2b0
	ethyca-fides	le	2.15.2b0

References

github.com/ethyca/fides/commit/5aea738463960d81821c11ae7ade1d627a46bf32

github.com/ethyca/fides/security/advisories/GHSA-g95c-2jgm-hqc6

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

12.5%

JSON

Related for VERACODE:41441