Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the middleware `ReadyForUse`, which now performs a stricter validation of the instance name. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.
References
Link | Resource |
---|---|
https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection/ | Exploit Third Party Advisory |
https://github.com/fiveai/Cachet/releases/tag/v2.5.1 | Release Notes Third Party Advisory |
https://github.com/fiveai/Cachet/security/advisories/GHSA-r67m-m8c7-jp83 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-08-27 23:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-39173
Mitre link : CVE-2021-39173
CVE.ORG link : CVE-2021-39173
JSON object : View
Products Affected
catchethq
- catchet
CWE
CWE-704
Incorrect Type Conversion or Cast