CVE-2021-41714
Published: 2022-05-23
Priority: P2 · 77 · medium · 6.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.60% (44.4th percentile)
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files from the Tipask server, such as .env, /etc/passwd, or laravel.log, causing information leakage.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tipask | tipask | < 3.5.9 | 3.5.9 |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to Tipask attachment download endpoints where path parameters contain directory traversal sequences or references to sensitive files such as .env, /etc/passwd, or laravel.log; these indicate exploitation of the path traversal vulnerability.
- Exploitation requires an authenticated (registered) user session; correlate suspicious file download requests with recently registered or low-activity accounts to identify potential abuse.
- GreyNoise reclassified ENV Crawler IPs as malicious intent; blocking or alerting on IPs tagged as ENV Crawlers in GreyNoise can help detect opportunistic scanning for exposed .env files related to this and similar CVEs.
- The vulnerability only affects Tipask versions below 3.5.9; verify the installed version before applying detection rules to avoid false positives on patched instances.
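The first two detection items above, turned into a small log-scanning script. This is an added example, not code from this page or from the Tipask project. It assumes a combined-format access log whose third field carries the authenticated username, and that Tipask's attachment download route contains the segment `/attach` (the page only names `AttachController.php`, not the route, so `ENDPOINT_RE` is an assumption to adjust per deployment). Request paths are URL-decoded repeatedly before matching, so single- and double-encoded traversal sequences are caught. The log lines are constructed for the example.

```python
"""Flag attachment-download requests carrying traversal sequences or sensitive
file names, and group hits by authenticated account (CVE-2021-41714 style)."""
import re
from urllib.parse import unquote

# Assumption: the attachment download route contains "/attach". Adjust per deployment.
ENDPOINT_RE = re.compile(r"/attach", re.IGNORECASE)

# Traversal sequences, matched after URL decoding ("..%2f" and "..%252f" both reach here as "../").
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|/\.\.$|\\\.\.$)")

# Sensitive targets named in the advisory text.
SENSITIVE_FILES = (".env", "/etc/passwd", "laravel.log")

# Combined log format; the third field is the authenticated user (constructed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def normalize(path: str) -> str:
    """URL-decode a request path until it stops changing (at most 3 rounds)."""
    prev = None
    for _ in range(3):
        if path == prev:
            break
        prev, path = path, unquote(path)
    return path


def classify(path: str) -> list:
    """Return the reasons a request path looks abusive; empty list means benign or out of scope."""
    decoded = normalize(path)
    route = decoded.split("?", 1)[0]   # scope the rule to the download endpoint only
    reasons = []
    if not ENDPOINT_RE.search(route):
        return reasons
    if TRAVERSAL_RE.search(decoded):   # the parameter may sit in the path or the query string
        reasons.append("traversal-sequence")
    low = decoded.lower()
    for name in SENSITIVE_FILES:
        if name in low:
            reasons.append("sensitive-file:" + name)
    return reasons


def scan(lines) -> list:
    """Parse log lines and return one finding dict per suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                  # unparsable line: skip rather than crash the scan
        reasons = classify(m["path"])
        if reasons:
            findings.append({
                "user": m["user"],
                "ip": m["ip"],
                "path": normalize(m["path"]),
                "status": int(m["status"]),
                "reasons": reasons,
            })
    return findings


def suspicious_accounts(findings) -> dict:
    """Count hits per authenticated user, for correlation with account age or activity."""
    counts = {}
    for f in findings:
        counts[f["user"]] = counts.get(f["user"], 0) + 1
    return counts


# Constructed sample log lines (RFC 5737 documentation addresses, invented users and sizes).
SAMPLE_LOGS = [
    '203.0.113.10 - alice [23/May/2022:10:01:02 +0000] "GET /attach/download?file=abc123.pdf HTTP/1.1" 200 5120',
    '203.0.113.10 - alice [23/May/2022:10:01:05 +0000] "GET /question/12 HTTP/1.1" 200 8800',
    '198.51.100.7 - newuser42 [23/May/2022:10:02:30 +0000] "GET /attach/download?file=../../.env HTTP/1.1" 200 611',
    '198.51.100.7 - newuser42 [23/May/2022:10:02:41 +0000] "GET /attach/download?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1932',
    '198.51.100.7 - newuser42 [23/May/2022:10:02:55 +0000] "GET /attach/download?file=..%252f..%252fstorage%252flogs%252flaravel.log HTTP/1.1" 200 40021',
    '192.0.2.5 - - [23/May/2022:10:03:00 +0000] "GET /.env HTTP/1.1" 404 153',
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    for h in hits:
        print(h)
    print(suspicious_accounts(hits))
```

The last sample line (an unauthenticated probe for `/.env` outside the attachment route) is deliberately not flagged by this rule: it belongs to the generic ENV-crawler detection in the third item above, not to this CVE, and keeping the rule scoped to the download endpoint is what keeps its false-positive rate low. A 200 status on a flagged request is the strongest signal, since the fixed version (3.5.9 and later) should not serve those paths.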
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vulncheck | | 7.7 | HIGH | |
GHSA
GHSA-9v7f-rj28-9x3v (ghsa_unreviewed · 2022-05-24)
CVE-2021-41714 [MEDIUM] CWE-494
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files from the Tipask server, such as .env, /etc/passwd, or laravel.log, causing information leakage.
VulnCheck
tipask tipask Download of Code Without Integrity Check (vulncheck · 2021 · CVSS 7.7)
CVE-2021-41714 [HIGH]
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files from the Tipask server, such as .env, /etc/passwd, or laravel.log, causing information leakage.
Affected: tipask tipask
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://www.netscout.com/blog/asert/botnets-and-familiar-foes-drive-ddos-attack-activity
- https://app.crowdsec.net/cti/cve-explorer/CVE-2021-41714
- https://www.netscout.com/blog/asert/botnet-pulse
No detection rules found.
No public exploits indexed.
References:
- https://github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42
- https://github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69
- https://www.yuque.com/henry-weply/penetration/fza5hm