CVE-2021-39165

26.08.2021, 21:15

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.

SQL Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
GitHub_M	CNA	8.1 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
chachethq	cachet	𝑥 < 2.3.18

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

https://github.com/fiveai/Cachet/commit/27bca8280419966ba80c6fa283d985ddffa84bb6

https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc

https://github.com/fiveai/Cachet/commit/27bca8280419966ba80c6fa283d985ddffa84bb6

https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc