Vulnerability Details CVE-2021-42562
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.0%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.5
References
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42562-Improper%20Access%20Control-MITRE%20Caldera
- https://github.com/mitre/caldera/releases
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42562-Improper%20Access%20Control-MITRE%20Caldera
- https://github.com/mitre/caldera/releases
Products affected by CVE-2021-42562
-
cpe:2.3:a:mitre:caldera:2.0.0
-
cpe:2.3:a:mitre:caldera:2.1.0
-
cpe:2.3:a:mitre:caldera:2.2.0
-
cpe:2.3:a:mitre:caldera:2.3.0
-
cpe:2.3:a:mitre:caldera:2.3.1
-
cpe:2.3:a:mitre:caldera:2.3.2
-
cpe:2.3:a:mitre:caldera:2.4.0
-
cpe:2.3:a:mitre:caldera:2.5.0
-
cpe:2.3:a:mitre:caldera:2.5.1
-
cpe:2.3:a:mitre:caldera:2.6.0
-
cpe:2.3:a:mitre:caldera:2.6.1
-
cpe:2.3:a:mitre:caldera:2.6.2
-
cpe:2.3:a:mitre:caldera:2.6.3
-
cpe:2.3:a:mitre:caldera:2.6.4
-
cpe:2.3:a:mitre:caldera:2.6.5
-
cpe:2.3:a:mitre:caldera:2.6.6
-
cpe:2.3:a:mitre:caldera:2.7.0
-
cpe:2.3:a:mitre:caldera:2.8.0
-
cpe:2.3:a:mitre:caldera:2.8.1