CVE-2021-41714 - Vulnerability Details - OpenCVE

In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tipask	Tipask

Configuration 1 [-]

cpe:2.3:a:tipask:tipask:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42
https://github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69
https://www.yuque.com/henry-weply/penetration/fza5hm

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-23T15:34:34

Updated: 2024-08-04T03:15:29.271Z

Reserved: 2021-09-27T00:00:00

Link: CVE-2021-41714

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-23T16:16:06.313

Modified: 2024-11-21T06:26:39.217

Link: CVE-2021-41714

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:C/UI:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-23T15:34:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.yuque.com/henry-weply/penetration/fza5hm"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41714", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:C/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.yuque.com/henry-weply/penetration/fza5hm", "refsource": "MISC", "url": "https://www.yuque.com/henry-weply/penetration/fza5hm"}, {"name": "https://github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42", "refsource": "MISC", "url": "https://github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42"}, {"name": "https://github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69", "refsource": "MISC", "url": "https://github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:15:29.271Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.yuque.com/henry-weply/penetration/fza5hm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41714", "datePublished": "2022-05-23T15:34:34", "dateReserved": "2021-09-27T00:00:00", "dateUpdated": "2024-08-04T03:15:29.271Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tipask:tipask:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFDD3E7B-94B1-455C-9AD0-6D55E6A6BD19", "versionEndExcluding": "3.5.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage."}, {"lang": "es", "value": "En Tipask versiones anteriores a 3.5.9, los par\u00e1metros de ruta introducidos por el usuario no son comprobados cuando son descargados archivos adjuntos, un usuario registrado puede descargar archivos arbitrarios en el servidor Tipask como .env, /etc/passwd, laravel.log, causando un filtrado de informaci\u00f3n"}], "id": "CVE-2021-41714", "lastModified": "2024-11-21T06:26:39.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-23T16:16:06.313", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.yuque.com/henry-weply/penetration/fza5hm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.yuque.com/henry-weply/penetration/fza5hm"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "nvd@nist.gov", "type": "Primary"}]}