CVE-2021-32698

eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:07

Type Values Removed Values Added
References () https://github.com/elabftw/elabftw/commit/3d2db4d3ad90b0915f29f05aeba41eaaf6a7c726 - Patch, Third Party Advisory () https://github.com/elabftw/elabftw/commit/3d2db4d3ad90b0915f29f05aeba41eaaf6a7c726 - Patch, Third Party Advisory
References () https://github.com/elabftw/elabftw/security/advisories/GHSA-mh6g-62p8-26m4 - Patch, Third Party Advisory () https://github.com/elabftw/elabftw/security/advisories/GHSA-mh6g-62p8-26m4 - Patch, Third Party Advisory
CVSS v2 : 4.0
v3 : 4.9
v2 : 4.0
v3 : 6.8

Information

Published : 2021-06-21 22:15

Updated : 2024-11-21 06:07


NVD link : CVE-2021-32698

Mitre link : CVE-2021-32698

CVE.ORG link : CVE-2021-32698


JSON object : View

Products Affected

elabftw

  • elabftw
CWE
CWE-918

Server-Side Request Forgery (SSRF)