CVE-2021-42079 - OpenCVE

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Osnexus	Quantastor

Configuration 1 [-]

cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:*

References

Link	Resource
https://csirt.divd.nl/CVE-2021-42079	Third Party Advisory
https://www.divd.nl/DIVD-2021-00020	Broken Link
https://www.osnexus.com/products/software-defined-storage	Product
https://www.wbsec.nl/osnexus	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: DIVD

Published: 2023-07-10T06:29:48.339Z

Updated: 2023-07-10T06:29:48.339Z

Reserved: 2021-10-07T17:12:57.677Z

Link: CVE-2021-42079

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-10T16:15:47.467

Modified: 2023-07-14T18:13:24.080

Link: CVE-2021-42079

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2021-42079", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "state": "PUBLISHED", "assignerShortName": "DIVD", "dateReserved": "2021-10-07T17:12:57.677Z", "datePublished": "2023-07-10T06:29:48.339Z", "dateUpdated": "2023-07-10T06:29:48.339Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2023-07-10T06:29:48.339Z"}, "title": "SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "affected": [{"vendor": "OSNEXUS", "product": "QuantaStor", "platforms": ["Windows", "Linux"], "collectionURL": "https://www.osnexus.com/downloads", "versions": [{"status": "affected", "version": "0", "lessThan": "6.0.0.355", "versionType": "semver"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests."}]}], "references": [{"url": "https://www.wbsec.nl/osnexus", "tags": ["third-party-advisory"]}, {"url": "https://www.divd.nl/DIVD-2021-00020", "tags": ["third-party-advisory"]}, {"url": "https://www.osnexus.com/products/software-defined-storage", "tags": ["product"]}, {"url": "https://csirt.divd.nl/CVE-2021-42079", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "Upgrade to the latest version of OSNEXUS QuantaStor.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Upgrade to the latest version of OSNEXUS QuantaStor."}]}], "credits": [{"lang": "en", "value": "Wietse Boonstra", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}