Vulnerability Details: CVE-2021-31590
All PwnDoc versions until 0.4.0 (2021-08-23) handle JSON Web Tokens incorrectly, leading to incorrect access control. With a valid JSON Web Token that is used for authentication and authorization, a user can keep admin privileges even after being downgraded to the "user" privilege. Even after the user's account is deleted, the user can still access the administration panel (and add or delete users) and has complete access to the system.
Products affected by CVE-2021-31590
- cpe:2.3:a:pwndoc_project:pwndoc:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-31590
- EPSS score: 0.42% (probability of exploitation activity in the next 30 days)
- Percentile: ~71% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-31590
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
References for CVE-2021-31590
- https://github.com/pwndoc/pwndoc/pull/128
  Applied fix for CVE-2021-31590 by Lednerb · Pull Request #128 · pwndoc/pwndoc · GitHub [Patch; Third Party Advisory]
- https://github.com/pwndoc/pwndoc/security/advisories
  Security Advisories · pwndoc/pwndoc · GitHub [Broken Link]
- https://github.com/pwndoc/pwndoc/pull/74
  Security Update: Change JWT Secret and TLS Certificate automatically on build by Lednerb · Pull Request #74 · pwndoc/pwndoc · GitHub [Patch; Third Party Advisory]
- https://github.com/pwndoc/pwndoc/commit/ff1b868cec55f5b6c7a91e15a2b0b1f4324121ab
  Update Session management using refresh token · pwndoc/pwndoc@ff1b868 · GitHub [Patch; Third Party Advisory]
- https://www.dgc.org/responsible_disclosure_pwndoc_jwt
  DGC | Deutsche Gesellschaft für Cybersicherheit | PwnDoc - Incorrect Access Control Vulnerability [Exploit; Third Party Advisory]
- https://github.com/pwndoc/pwndoc/commit/15f3dc0e212eda465e05fda0feb002d1bce2939d
  Update JWT generation · pwndoc/pwndoc@15f3dc0 · GitHub [Patch; Third Party Advisory]
- https://github.com/pwndoc/pwndoc/blob/59519735b0d831d8fd96d7c3387f66d28407e583/CHANGELOG.md#040-2021-08-23
  pwndoc/CHANGELOG.md at 59519735b0d831d8fd96d7c3387f66d28407e583 · pwndoc/pwndoc · GitHub [Patch; Release Notes; Third Party Advisory]