5.3

CVE-2021-41123

EPSS 0.23%
Veröffentlicht 04.10.2021 23:15:08
Zuletzt bearbeitet 21.11.2024 06:25:31
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mysurvey ≫ Survey Solutions Version < 21.09.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.431

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/surveysolutions/surveysolutions/commit/99e7e8345cb98f2eda08e37976e3d3aeb49971c9

Patch

Third Party Advisory

https://github.com/surveysolutions/surveysolutions/security/advisories/GHSA-6c7j-7jf3-9p3j

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-41123

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41123

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41123

EUVD