Patrowl Patrowlmanager vulnerabilities
2 known vulnerabilities affecting patrowl/patrowlmanager.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2021-43829P2HIGHCVSS 8.8fixed in 1.7.72021-12-14
CVE-2021-43829 [HIGH] CWE-434 CVE-2021-43829: PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager unrestrictly handle upload files in the findings import feature. This vulnerability is capable of uploading dangerous type of file to server leading to XSS attacks and potentially other forms of code injection. Users are advised t
nvd
CVE-2021-43828P3HIGHCVSS 7.5fixed in 1.7.72021-12-14
CVE-2021-43828 [HIGH] CWE-269 CVE-2021-43828: PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports// In that, owner_id is predictable and tmp_file is in format of import__, for example: import_1_1639213059582.json
nvd