How severe is CVE-2021-39173?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-39173?

This is classified as CWE-704, which is a common weakness in software security.

CVE-2021-39173 - HIGH Severity | CVSS 8.8

Vulnerability Description

Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the middleware `ReadyForUse`, which now performs a stricter validation of the instance name. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.

Related Vulnerabilities

CVE-2010-1822

HIGH

CVSS:8.8(High)

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to e...

CWE-7042010

CVE-2011-1805

HIGH

CVSS:8.8(High)

Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE-7042011

CVE-2016-5161

HIGH

CVSS:8.8(High)

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishan...

CWE-7042016

CVE-2016-5263

HIGH

CVSS:8.8(High)

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code...

CWE-7042016

CVE-2016-7860

HIGH

CVSS:8.8(High)

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-7042016

CVE-2016-7861

HIGH

CVSS:8.8(High)

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-7042016