Cachethq Cachet vulnerabilities
5 known vulnerabilities affecting cachethq/cachet.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH5
Vulnerabilities
Page 1 of 1
CVE-2023-43661P2HIGHCVSS 8.8fixed in 2.42023-10-11
CVE-2023-43661 [HIGH] CWE-94 CVE-2023-43661: Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which
Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.
ghsanvdosv
CVE-2021-39165P3HIGHPoC≥ 0, ≤ 2.3.182021-08-30
CVE-2021-39165 [HIGH] CWE-287 Unauthenticated SQL Injection in Cachet
Unauthenticated SQL Injection in Cachet
### Impact
In Cachet versions through 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session.
### Patches
The original repository of [https://github.com/CachetHQ/Cachet](https://github.com/CachetHQ/Cachet
ghsaosv
CVE-2021-39172P2HIGH≥ 0, < 2.5.12021-08-30
CVE-2021-39172 [HIGH] CWE-93 Cachet vulnerable to new line injection during configuration edition
Cachet vulnerable to new line injection during configuration edition
### Impact
Authenticated users, regardless of their privileges (_User_ or _Admin_), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server.
### Patches
This issue was addressed by improving `UpdateConfigCommandHandler` and preventing the use of
ghsaosv
CVE-2021-39173P3HIGH≥ 0, < 2.5.12021-08-30
CVE-2021-39173 [HIGH] CWE-704 Cachet vulnerable to forced reinstall
Cachet vulnerable to forced reinstall
### Impact
Authenticated users, regardless of their privileges (_User_ or _Admin_), can trick Cachet and install the instance again, leading to arbitrary code execution on the server.
### Patches
This issue was addressed by improving the middleware `ReadyForUse`, which now performs a stricter validation of the instance name.
### Workarounds
Only allow trusted source IP addresses to acc
ghsaosv
CVE-2021-39174P3HIGH≥ 0, < 2.5.12021-08-30
CVE-2021-39174 [HIGH] CWE-75 Cachet configuration leak
Cachet configuration leak
### Impact
Authenticated users, regardless of their privileges (_User_ or _Admin_), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc).
### Patches
This issue was addressed by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file.
### Workarou
ghsaosv