CVE-2021-4281 - Vulnerability Details - OpenCVE

A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Forthebadge	For The Badge

Configuration 1 [-]

cpe:2.3:a:forthebadge:for_the_badge:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/BraveUX/for-the-badge/commit/55b5a234c0fab935df5fb08365bc8fe9c37cf46b
https://github.com/BraveUX/for-the-badge/pull/165
https://vuldb.com/?ctiid.216842
https://vuldb.com/?id.216842

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-12-26T19:38:13.757Z

Updated: 2024-08-03T17:23:10.245Z

Reserved: 2022-12-26T19:36:35.569Z

Link: CVE-2021-4281

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-26T20:15:10.580

Modified: 2024-11-21T06:37:18.567

Link: CVE-2021-4281

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-4281", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2022-12-26T19:36:35.569Z", "datePublished": "2022-12-26T19:38:13.757Z", "dateUpdated": "2024-08-03T17:23:10.245Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-26T19:38:56.342Z"}, "title": "Brave UX for-the-badge combine-prs.yml os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "CWE-78 OS Command Injection"}]}], "affected": [{"vendor": "Brave UX", "product": "for-the-badge", "versions": [{"version": "n/a", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Brave UX for-the-badge gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei .github/workflows/combine-prs.yml. Durch Beeinflussen mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Patch wird als 55b5a234c0fab935df5fb08365bc8fe9c37cf46b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.6, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}], "timeline": [{"time": "2022-12-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2022-12-26T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2022-12-26T20:43:50.000Z", "lang": "en", "value": "VulDB last update"}], "references": [{"url": "https://vuldb.com/?id.216842", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.216842", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/BraveUX/for-the-badge/pull/165", "tags": ["issue-tracking"]}, {"url": "https://github.com/BraveUX/for-the-badge/commit/55b5a234c0fab935df5fb08365bc8fe9c37cf46b", "tags": ["patch"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.245Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.216842", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.216842", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/BraveUX/for-the-badge/pull/165", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://github.com/BraveUX/for-the-badge/commit/55b5a234c0fab935df5fb08365bc8fe9c37cf46b", "tags": ["patch", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:forthebadge:for_the_badge:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBDF360C-7DF2-4EC5-9A44-15C905B61FE0", "versionEndExcluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Brave UX for-the-badge y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo .github/workflows/combine-prs.yml es afectada por este problema. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos del sistema operativo. El nombre del parche es 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. Se recomienda aplicar un parche para solucionar este problema. VDB-216842 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2021-4281", "lastModified": "2024-11-21T06:37:18.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-26T20:15:10.580", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/BraveUX/for-the-badge/commit/55b5a234c0fab935df5fb08365bc8fe9c37cf46b"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://github.com/BraveUX/for-the-badge/pull/165"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.216842"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.216842"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/BraveUX/for-the-badge/commit/55b5a234c0fab935df5fb08365bc8fe9c37cf46b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/BraveUX/for-the-badge/pull/165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.216842"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.216842"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Secondary"}]}