Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user's view filter includes an array or IN clause, and when another user has recently executed an identical query differing only by the array elements.
References
| Link | Resource |
|---|---|
| https://blog.datalust.co | Vendor Advisory |
| https://github.com/datalust/seq-tickets/issues/1322 | Exploit Third Party Advisory |
| https://blog.datalust.co | Vendor Advisory |
| https://github.com/datalust/seq-tickets/issues/1322 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 06:26
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://blog.datalust.co - Vendor Advisory | |
| References | () https://github.com/datalust/seq-tickets/issues/1322 - Exploit, Third Party Advisory |
Information
Published : 2021-09-27 06:15
Updated : 2024-11-21 06:26
NVD link : CVE-2021-41329
Mitre link : CVE-2021-41329
CVE.ORG link : CVE-2021-41329
JSON object : View
Products Affected
datalust
- seq
CWE
CWE-682
Incorrect Calculation