BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.
References
Link | Resource |
---|---|
https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/ | Release Notes Vendor Advisory |
https://github.com/btcpayserver/btcpayserver/releases/tag/v1.0.7.1 | Release Notes Third Party Advisory |
Configurations
History
02 Jun 2021, 18:47
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/ - Release Notes, Vendor Advisory |
05 May 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Apr 2021, 14:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 6.5 |
References | (MISC) https://github.com/btcpayserver/btcpayserver/releases/tag/v1.0.7.1 - Release Notes, Third Party Advisory | |
CPE | cpe:2.3:a:btcpayserver:btcpay_server:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo |
01 Apr 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-01 05:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-29251
Mitre link : CVE-2021-29251
CVE.ORG link : CVE-2021-29251
JSON object : View
Products Affected
btcpayserver
- btcpay_server
CWE