CVE-2021-3027

{"id": "CVE-2021-3027", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-03-26T03:16:40.647", "references": [{"url": "https://github.com/LibrIT/passhport/commit/366b03f607729c4538e91b634ecc57c8398522a1", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/LibrIT/passhport/pull/562", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://jorgectf.gitlab.io/disclosure/cve-2021-3027/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization."}, {"lang": "es", "value": "El archivo app/views_mod/user/user.py en LibrIT PaSSHport hasta versi\u00f3n 2.5, est\u00e1 afectado por una inyecci\u00f3n de LDAP. Un filtrado de informaci\u00f3n se presenta por el procesamiento de consultas especiales, escapando del filtro de b\u00fasqueda proporcionado debido a que la entrada del usuario no es saneada."}], "lastModified": "2022-05-03T16:04:40.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:librit:passhport:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80FB2365-DFD9-46AA-B636-FD4E4AAC0D6A", "versionEndIncluding": "2.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}