CVE-2021-42948
Published 2022-09-16
Priority P4 · 13 · low · 3.7 (CVSS 3.1)
AV:N / AC:H / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 0.67% (47.3th percentile)
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session IDs.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hoteldruid | < hoteldruid 3.0.4-1 (bookworm) | hoteldruid 3.0.4-1 (bookworm) |
| digitaldruid | hoteldruid | <= 3.0.3 | — |
| digitaldruid | hoteldruid | >= 0 < 3.0.4-1 | 3.0.4-1 |
CVSS provenance
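| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
| osv | 3.7 | LOW | — |
| vendor_debian | 3.7 | LOW | — |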
Debian
CVE-2021-42948: hoteldruid - HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exp...
vendor_debian·2021·CVSS 3.7
CVE-2021-42948 [LOW] CVE-2021-42948: hoteldruid - HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exp...
Scope: local
bookworm: resolved (fixed in 3.0.4-1)
bullseye: open
sid: resolved (fixed in 3.0.4-1)
GHSA
GHSA-q4wp-vrv8-q2xh: HotelDruid Hotel Management Software v3
ghsa_unreviewed·2022-09-17
CVE-2021-42948 [LOW] CWE-319 GHSA-q4wp-vrv8-q2xh: HotelDruid Hotel Management Software v3
OSV
CVE-2021-42948: HotelDruid Hotel Management Software v3
osv·2022-09-16·CVSS 3.7
CVE-2021-42948 [LOW] CVE-2021-42948: HotelDruid Hotel Management Software v3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-09-16