CVE-2021-36777

CWE-8073 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 46.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Opensuse Build ServiceOpensuse Open Build Service
Timeline
PublishedMar 9
Latest updateMar 10

Description

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5opensuse/build_servicelogin-proxy-scriptsdc000cdfe9b9b715fb92195b1a57559362f689ef
NVDopensuse/open_build_service< 2021-10-08

Patches

Patch: bugzilla.suse.comPatch: bugzilla.suse.com

🔴Vulnerability Details

2
GHSA
GHSA-3pc4-pj89-2j67: A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present user2022-03-10
CVEList
login-proxy sends password to attacker-provided domain2022-03-09
CVE-2021-36777 (HIGH CVSS 8.8) | A Reliance on Untrusted Inputs in a | cvebase.io