CVE-2021-3856

{"id": "CVE-2021-3856", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-08-26T16:15:09.570", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2021-3856", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/keycloak/keycloak/pull/8588", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://issues.redhat.com/browse/KEYCLOAK-19422", "tags": ["Permissions Required", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available."}, {"lang": "es", "value": "ClassLoaderTheme y ClasspathThemeResourceProviderFactory permiten leer cualquier archivo disponible como recurso para el cargador de clases. Al enviar peticiones de recursos de temas con una ruta relativa desde un cliente HTTP externo, el cliente recibir\u00e1 el contenido de archivos aleatorios si est\u00e1n disponibles."}], "lastModified": "2023-07-10T19:27:42.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08FEF5EB-2BDF-45E6-988A-D9B04FC9281D", "versionEndExcluding": "15.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}