CVE-2021-42948

EUVD-2021-29903
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
digitaldruidhoteldruid
𝑥
≤ 3.0.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
hoteldruid
bookworm
3.0.4-1
fixed
bullseye
no-dsa
buster
no-dsa
sid
3.0.6-1
fixed
stretch
no-dsa
trixie
3.0.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
hoteldruid
bionic
needs-triage
focal
needs-triage
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/dhammon/HotelDruid-CVE-2021-42948
https://github.com/dhammon/Security
https://www.hoteldruid.com/
https://github.com/dhammon/HotelDruid-CVE-2021-42948
https://github.com/dhammon/Security
https://www.hoteldruid.com/