Vulnerability Description
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7, PatrowlManager does not restrict the files uploaded through the findings import feature. This allows a dangerous file type to be uploaded to the server, leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue.
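As an added, defender-side illustration (not PatrowlManager's own code, which this record does not reproduce), the kind of validation an import endpoint needs before accepting a findings file: an extension allowlist, a check that the body is the expected structured format rather than renderable markup, and a server-generated storage name. It assumes a hypothetical JSON findings format with a top-level `findings` list.

```python
import json
import re
import uuid
from dataclasses import dataclass

# Assumed for this example: the importer accepts JSON findings files only.
ALLOWED_EXTENSIONS = {"json"}
MAX_UPLOAD_BYTES = 10 * 1024 * 1024

# Prologues a browser would render as active content if the upload were
# ever served back inline under the application's origin.
ACTIVE_CONTENT = re.compile(rb"<\s*(?:!doctype|html|svg|script|\?xml)", re.IGNORECASE)


@dataclass
class ImportDecision:
    accepted: bool
    reason: str
    stored_name: str = ""


def validate_findings_upload(filename: str, data: bytes) -> ImportDecision:
    """Accept an upload only if it is a plausible findings file.

    Checks, in order: size cap, extension allowlist on the client-supplied
    name, no active markup in the leading bytes, and a body that parses as a
    JSON object with a top-level 'findings' list. The storage name is
    generated server-side, so the client name never reaches the filesystem.
    """
    if len(data) > MAX_UPLOAD_BYTES:
        return ImportDecision(False, "file too large")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        return ImportDecision(False, f"extension '{ext}' not allowed")
    if ACTIVE_CONTENT.search(data[:1024]):
        return ImportDecision(False, "content looks like HTML/SVG/XML, not findings")
    try:
        doc = json.loads(data)
    except ValueError:
        return ImportDecision(False, "body is not valid JSON")
    if not isinstance(doc, dict) or not isinstance(doc.get("findings"), list):
        return ImportDecision(False, "JSON lacks a top-level 'findings' list")
    return ImportDecision(True, "ok", f"import-{uuid.uuid4().hex}.json")


def download_headers(stored_name: str) -> dict:
    """Headers for serving a stored import back: force a download with a
    neutral type so the browser never renders the contents as a page."""
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
    }
```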
CVSS Score
7.4 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Patrowl | PatrowlManager | < 1.7.7 |
Related Weaknesses (CWE)
References
- https://github.com/Patrowl/PatrowlManager/commit/2287c9715d2e7ef11b44bb0ad4a5772 (Patch, Third Party Advisory)
- https://github.com/Patrowl/PatrowlManager/security/advisories/GHSA-5hc9-6hq4-2xf (Third Party Advisory)
- https://huntr.dev/bounties/17324785-f83a-4058-ac40-03f2bfa16399/ (Exploit, Patch, Third Party Advisory)
FAQ
What is CVE-2021-43829?
CVE-2021-43829 is a vulnerability with a CVSS score of 7.4 (HIGH). PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7, PatrowlManager does not restrict the files uploaded through the findings import feature. This vulner...
How severe is CVE-2021-43829?
CVE-2021-43829 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43829?
Check the references section above for vendor advisories and patch information. Affected products include: Patrowl PatrowlManager.