Vulnerability Description
Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thunderdome | Planning Poker | < 1.16.3 |
Related Weaknesses (CWE)
References
- https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0Patch
- https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisoriesThird Party Advisory
- https://github.com/github/securitylab/issues/464#issuecomment-957094994Issue TrackingThird Party Advisory
- https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0Patch
- https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisoriesThird Party Advisory
- https://github.com/github/securitylab/issues/464#issuecomment-957094994Issue TrackingThird Party Advisory
FAQ
What is CVE-2021-41232?
CVE-2021-41232 is a vulnerability with a CVSS score of 8.1 (HIGH). Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authenticat...
How severe is CVE-2021-41232?
CVE-2021-41232 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41232?
Check the references section above for vendor advisories and patch information. Affected products include: Thunderdome Planning Poker.