CVE-2021-3914 - OpenCVE

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Smallrye Health Build Of Quarkus Openshift Application Runtimes

Configuration 1 [-]

OR	cpe:2.3:a:redhat:build_of_quarkus::::::::
	cpe:2.3:a:redhat:build_of_quarkus:-::::text-only:::
	cpe:2.3:a:redhat:openshift_application_runtimes:1.0:::::::*
	cpe:2.3:a:redhat:smallrye_health:-:::::::*

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2021-3914	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2018015	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-25T19:36:49

Updated: 2022-08-25T19:36:49

Reserved: 2021-10-28T00:00:00

Link: CVE-2021-3914

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-25T20:15:09.363

Modified: 2022-09-02T13:07:32.830

Link: CVE-2021-3914

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_quarkus:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0B7F662-E62B-41CB-8984-E3C3063B0B03", "versionEndExcluding": "2.7.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:text-only:*:*:*", "matchCriteriaId": "C4724F20-5376-4FB0-8DFA-A75004E2F60D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "183C1FAB-3101-4155-BAA4-819EE997E436", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:smallrye_health:-:*:*:*:*:*:*:*", "matchCriteriaId": "A978C871-E4D4-4622-B14F-4D92928679C7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks."}, {"lang": "es", "value": "Se ha detectado que el componente de la interfaz de usuario de smallrye health metrics no sanea correctamente algunas entradas del usuario. Un atacante podr\u00eda usar este fallo para conducir ataques de tipo cross-site scripting."}], "id": "CVE-2021-3914", "lastModified": "2022-09-02T13:07:32.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-25T20:15:09.363", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3914"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018015"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "secalert@redhat.com", "type": "Secondary"}]}