CVE-2021-33031

{"id": "CVE-2021-33031", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2021-06-10T16:15:08.157", "references": [{"url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://labcup.net/privacy-data-security/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03."}, {"lang": "es", "value": "En LabCup versiones anteriores a v2_next_18022, es posible usar la API de guardado para llevar a cabo acciones no autorizadas para los usuarios sin acceso a la gesti\u00f3n de usuarios para, despu\u00e9s de una explotaci\u00f3n con \u00e9xito, conseguir acceso a la cuenta de la v\u00edctima. Un usuario sin el privilegio de gesti\u00f3n de usuarios puede cambiar la direcci\u00f3n de correo electr\u00f3nico de otro usuario si el atacante conoce los detalles de la v\u00edctima, como los roles exactos y los roles de grupo, la ID y la configuraci\u00f3n de la ID de autenticaci\u00f3n remota. Estos deben ser enviados en una petici\u00f3n modificada de la API de guardado. Se ha corregido en la versi\u00f3n 6.3.0.03"}], "lastModified": "2021-06-22T18:29:56.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:labcup:labcup:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEAAA149-D0FD-4F20-A2D1-5D6B3D6914E7", "versionEndExcluding": "v2_next_18022"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}