CVE-2021-4297

A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is able to address this issue. The name of the patch is 694da5013dbecc8d30dd83e2a83e78faadf93771. It is recommended to upgrade the affected component. VDB-217174 is the identifier assigned to this vulnerability.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/trampgeek/jobe/commit/694da5013dbecc8d30dd83e2a83e78faadf93771	Patch Third Party Advisory
https://vuldb.com/?ctiid.217174	Permissions Required Third Party Advisory
https://vuldb.com/?id.217174	Permissions Required Third Party Advisory
https://github.com/trampgeek/jobe/issues/46	Issue Tracking Patch Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:jobe_project:jobe:*:*:*:*:*:*:*:*

Information

Published : 2023-01-01 11:15

Updated : 2023-01-09 10:21

NVD link : CVE-2021-4297

Mitre link : CVE-2021-4297

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

jobe_project

jobe

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/trampgeek/jobe/commit/694da5013dbecc8d30dd83e2a83e78faadf93771", "name": "https://github.com/trampgeek/jobe/commit/694da5013dbecc8d30dd83e2a83e78faadf93771", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.217174", "name": "https://vuldb.com/?ctiid.217174", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?id.217174", "name": "https://vuldb.com/?id.217174", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/trampgeek/jobe/issues/46", "name": "https://github.com/trampgeek/jobe/issues/46", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is able to address this issue. The name of the patch is 694da5013dbecc8d30dd83e2a83e78faadf93771. It is recommended to upgrade the affected component. VDB-217174 is the identifier assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-4297", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2023-01-01T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jobe_project:jobe:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.6.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-09T18:21Z"}