CVE-2021-42560

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.).

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42560-Unsafe%20XML%20Parsing-MITRE%20Caldera	Exploit Third Party Advisory
https://github.com/mitre/caldera/releases	Release Notes Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mitre:caldera:2.9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-01-12 19:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-42560

Mitre link : CVE-2021-42560

CVE.ORG link : CVE-2021-42560

JSON object : View

Products Affected

mitre

caldera

CWE

CWE-611

Improper Restriction of XML External Entity Reference

{"id": "CVE-2021-42560", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-01-12T19:15:08.267", "references": [{"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42560-Unsafe%20XML%20Parsing-MITRE%20Caldera", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/mitre/caldera/releases", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded \"SVG\" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.)."}, {"lang": "es", "value": "Se ha detectado un problema en CALDERA versi\u00f3n 2.9.0. El plugin Debrief recibe par\u00e1metros \"SVG\" codificados en base64 cuando genera un documento PDF. Estos documentos SVG son analizados de manera no segura y pueden ser aprovechados para ataques de tipo XXE (por ejemplo, exfiltraci\u00f3n de archivos, falsificaci\u00f3n de peticiones del lado del servidor, exfiltraci\u00f3n fuera de banda, etc.)"}], "lastModified": "2022-01-15T02:52:17.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mitre:caldera:2.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61CA95C1-5C52-461D-9753-F2ABBC0508F6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}