CVE-2021-33031 - OpenCVE

In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Labcup	Labcup

Configuration 1 [-]

cpe:2.3:a:labcup:labcup:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md	Third Party Advisory
https://labcup.net/privacy-data-security/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-10T15:28:01

Updated: 2021-06-10T15:28:01

Reserved: 2021-05-14T00:00:00

Link: CVE-2021-33031

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-10T16:15:08.157

Modified: 2021-06-22T18:29:56.030

Link: CVE-2021-33031

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-10T15:28:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"}, {"tags": ["x_refsource_MISC"], "url": "https://labcup.net/privacy-data-security/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33031", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md", "refsource": "MISC", "url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"}, {"name": "https://labcup.net/privacy-data-security/", "refsource": "MISC", "url": "https://labcup.net/privacy-data-security/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33031", "datePublished": "2021-06-10T15:28:01", "dateReserved": "2021-05-14T00:00:00", "dateUpdated": "2021-06-10T15:28:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:labcup:labcup:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEAAA149-D0FD-4F20-A2D1-5D6B3D6914E7", "versionEndExcluding": "v2_next_18022", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03."}, {"lang": "es", "value": "En LabCup versiones anteriores a v2_next_18022, es posible usar la API de guardado para llevar a cabo acciones no autorizadas para los usuarios sin acceso a la gesti\u00f3n de usuarios para, despu\u00e9s de una explotaci\u00f3n con \u00e9xito, conseguir acceso a la cuenta de la v\u00edctima. Un usuario sin el privilegio de gesti\u00f3n de usuarios puede cambiar la direcci\u00f3n de correo electr\u00f3nico de otro usuario si el atacante conoce los detalles de la v\u00edctima, como los roles exactos y los roles de grupo, la ID y la configuraci\u00f3n de la ID de autenticaci\u00f3n remota. Estos deben ser enviados en una petici\u00f3n modificada de la API de guardado. Se ha corregido en la versi\u00f3n 6.3.0.03"}], "id": "CVE-2021-33031", "lastModified": "2021-06-22T18:29:56.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-10T16:15:08.157", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://labcup.net/privacy-data-security/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}