CVE-2021-43829
7.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Summary
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager unrestrictly handle upload files in the findings import feature. This vulnerability is capable of uploading dangerous type of file to server leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Patrowl | PatrowlManager | < 1.7.7 | affected |
Weaknesses
- CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Patrowl/PatrowlManager/security/advisories/GHSA-5hc9-6hq4-2xfx
- https://github.com/Patrowl/PatrowlManager/commit/2287c9715d2e7ef11b44bb0ad4a57727654f2203
- https://huntr.dev/bounties/17324785-f83a-4058-ac40-03f2bfa16399/
References
- https://github.com/Patrowl/PatrowlManager/security/advisories/GHSA-5hc9-6hq4-2xfx
- https://github.com/Patrowl/PatrowlManager/commit/2287c9715d2e7ef11b44bb0ad4a57727654f2203
- https://huntr.dev/bounties/17324785-f83a-4058-ac40-03f2bfa16399/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.