CVE-2021-40537

Beschreibung:
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation. CWE: CWE-918

CVSS-Bewertung
CVSS 2: MEDIUM – 4 (Version: 2.0)
CVSS 3: LOW – 2.7 (Version: 3.1)

Links:

NVD – CVE-2021-40537
CVE – CVE-2021-40537

Link (max. 20) Quelle Tags
https://owncloud.com/security-advisories/cve-2021-40537/ MISC Vendor Advisory Issue Tracking Third Party Advisory Third Party Advisory
https://security.openstack.org/ossa/OSSA-2021-006.html CONFIRM Patch Vendor Advisory
[oss-security] 20210909 [OSSA-2021-006] Neutron: Routes middleware memory leak for nonexistent controllers (CVE-2021-40797) MLIST Mailing List Patch Third Party Advisory

Quelle: NVD – CVE-2021-40537
Datum Veröffentlichung: 2021-09-08T18:15Z, Datum letzte Änderung: 2021-09-15T18:04Z