Fiveai Cachet vulnerabilities
4 known vulnerabilities affecting fiveai/cachet.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-39165P3MEDIUMCVSS 6.5PoC≤ 2.3.182021-08-26
CVE-2021-39165 [MEDIUM] CWE-89 CVE-2021-39165: Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL inje
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet is not
nvd
CVE-2021-39172P2HIGHCVSS 8.8fixed in 2.5.12021-08-27
CVE-2021-39172 [HIGH] CWE-93 CVE-2021-39172: Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandH
nvd
CVE-2021-39173P3HIGHCVSS 8.8fixed in 2.5.12021-08-27
CVE-2021-39173 [HIGH] CWE-704 CVE-2021-39173: Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless
Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the middleware `ReadyForUse`, which now performs a stricter va
nvd
CVE-2021-39174P3HIGHCVSS 8.8fixed in 2.5.12021-08-28
CVE-2021-39174 [HIGH] CWE-75 CVE-2021-39174: Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateCo
nvd