How severe is CVE-2021-3448?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4 out of 10.

What type of vulnerability is CVE-2021-3448?

This is classified as CWE-358, which is a common weakness in software security.

CVE-2021-3448

MEDIUM Year: 2021

CVSS v3 Score

4.0

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-358

View all →

Vulnerability Description

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

CVE-2017-2604

MEDIUM

CVSS:4.3(Medium)

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).

CWE-3582017

CVE-2017-2611

MEDIUM

CVSS:4.3(Medium)

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permiss...

CWE-3582017

CVE-2020-10743

MEDIUM

CVSS:4.3(Medium)

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to...

CWE-3582020

CVE-2020-25684

LOW

CVSS:3.7(Low)

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending...

CWE-3582020

CVE-2020-25686

LOW

CVSS:3.7(Low)

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 1...

CWE-3582020

CVE-2022-27219

MEDIUM

CVSS:4.3(Medium)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. T...

CWE-3582022

CVE-2021-3448

Vulnerability Description

Related Vulnerabilities

CVE-2017-2604

CVE-2017-2611

CVE-2020-10743

CVE-2020-25684

CVE-2020-25686

CVE-2022-27219