How severe is CVE-2021-39174?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-39174?

This is classified as CWE-75, which is a common weakness in software security.

CVE-2021-39174 - HIGH Severity | CVSS 8.8

Vulnerability Description

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.

Related Vulnerabilities

CVE-2023-23912

HIGH

CVSS:8.8(High)

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhc...

CWE-752023

CVE-2023-27533

HIGH

CVSS:8.8(High)

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server...

CWE-752023

CVE-2024-31809

HIGH

CVSS:8.8(High)

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.

CWE-752024

CVE-2024-37779

HIGH

CVSS:8.8(High)

WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.

CWE-752024

CVE-2024-51941

HIGH

CVSS:8.8(High)

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing a...

CWE-752024

CVE-2023-1758

HIGH

CVSS:8.9(High)

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CWE-752023