7.5
CVE-2021-21979
- EPSS 0.13%
- Veröffentlicht 03.03.2021 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:49:21
- Quelle security@vmware.com
- CVE-Watchlists
- Unerledigt
LoginIn Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bitnami ≫ Containers SwPlatformlaravel Version >= 6.0.2-debian-9-r0 <= 6.0.2-debian-9-r22
Bitnami ≫ Containers SwPlatformlaravel Version >= 6.4.0-debian-9-r0 <= 6.4.0-debian-9-r31
Bitnami ≫ Containers SwPlatformlaravel Version >= 6.5.2-debian-9-r0 <= 6.5.2-debian-9-r20
Bitnami ≫ Containers SwPlatformlaravel Version >= 6.8.0-debian-9-r0 <= 6.8.0-debian-9-r26
Bitnami ≫ Containers SwPlatformlaravel Version >= 6.12.0-debian-9-r0 <= 6.12.0-debian-10-r33
Bitnami ≫ Containers SwPlatformlaravel Version >= 6.18.0-debian-10-r0 <= 6.18.0-debian-10-r21
Bitnami ≫ Containers SwPlatformlaravel Version >= 6.18.3-debian-10-r0 <= 6.18.3-debian-10-r22
Bitnami ≫ Containers SwPlatformlaravel Version >= 6.18.8-debian-10-r0 <= 6.18.8-debian-10-r110
Bitnami ≫ Containers SwPlatformlaravel Version >= 6.18.35-debian-10-r0 <= 6.18.35-debian-10-r66
Bitnami ≫ Containers SwPlatformlaravel Version >= 6.20.0-debian-10-r0 < 6.20.0-debian-10-r107
Bitnami ≫ Containers SwPlatformlaravel Version >= 7.0.0-debian-10-r0 <= 7.0.0-debian-10-r7
Bitnami ≫ Containers SwPlatformlaravel Version >= 7.3.0-debian-10-r0 <= 7.3.0-debian-10-r20
Bitnami ≫ Containers SwPlatformlaravel Version >= 7.6.0-debian-10-r0 <= 7.6.0-debian-10-r38
Bitnami ≫ Containers SwPlatformlaravel Version >= 7.12.0-debian-10-r0 <= 7.12.0-debian-10-r72
Bitnami ≫ Containers SwPlatformlaravel Version >= 7.25.0-debian-10-r0 <= 7.25.0-debian-10-r16
Bitnami ≫ Containers SwPlatformlaravel Version >= 7.28.0-debian-10-r0 <= 7.28.0-debian-10-r50
Bitnami ≫ Containers SwPlatformlaravel Version >= 7.30.1-debian-10-r0 < 7.30.1-debian-10-r108
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.0.1-debian-10-r0 <= 8.0.1-debian-10-r7
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.0.3-debian-10-r0 <= 8.0.3-debian-10-r18
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.1.0-debian-10-r0 <= 8.1.0-debian-10-r7
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.2.0-debian-10-r0 <= 8.2.0-debian-10-r8
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.4.0-debian-10-r0 <= 8.4.0-debian-10-r10
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.4.1-debian-10-r0 <= 8.4.1-debian-10-r6
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.4.2-debian-10-r0 <= 8.4.2-debian-10-r4
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.4.3-debian-10-r0 <= 8.4.3-debian-10-r6
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.4.4-debian-10-r0 <= 8.4.4-debian-10-r6
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.5.5-debian-10-r0 <= 8.5.5-debian-10-r11
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.5.6-debian-10-r0 <= 8.5.6-debian-10-r13
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.5.7-debian-10-r0 <= 8.5.7-debian-10-r6
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.5.8-debian-10-r0 <= 8.5.8-debian-10-r5
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.5.9-debian-10-r0 <= 8.5.9-debian-10-r25
Bitnami ≫ Containers SwPlatformlaravel Version >= 8.5.10-debian-10-r0 <= 8.5.10-debian-10-r6
Bitnami ≫ Containers Version6.19.0-debian-10-r0 SwPlatformlaravel
Bitnami ≫ Containers Version7.29.0-debian-10-r0 SwPlatformlaravel
Bitnami ≫ Containers Version7.30.0-debian-10-r0 SwPlatformlaravel
Bitnami ≫ Containers Version8.3.0-debian-10-r0 SwPlatformlaravel
Bitnami ≫ Containers Version8.5.2-debian-10-r0 SwPlatformlaravel
Bitnami ≫ Containers Version8.5.2-debian-10-r1 SwPlatformlaravel
Bitnami ≫ Containers Version8.5.3-debian-10-r0 SwPlatformlaravel
Bitnami ≫ Containers Version8.5.4-debian-10-r0 SwPlatformlaravel
Bitnami ≫ Containers Version8.5.4-debian-10-r1 SwPlatformlaravel
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.328 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.