CVE-2021-21319

Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5.

CVSS v3.0 5.4 MEDIUM
CVSS v2.0 3.5 LOW

5.4^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q	Third Party Advisory
https://bugs.galette.eu/issues/1535	Permissions Required Vendor Advisory
https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6	Patch Third Party Advisory
https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5	Patch Third Party Advisory
https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995	Patch Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:galette:galette:*:*:*:*:*:*:*:*

Information

Published : 2021-10-25 09:15

Updated : 2021-10-27 18:12

NVD link : CVE-2021-21319

Mitre link : CVE-2021-21319

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

galette

galette

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q", "name": "https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugs.galette.eu/issues/1535", "name": "https://bugs.galette.eu/issues/1535", "tags": ["Permissions Required", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6", "name": "https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5", "name": "https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995", "name": "https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-21319", "ASSIGNER": "security-advisories@github.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}}, "publishedDate": "2021-10-25T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:galette:galette:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.9.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-10-28T01:12Z"}