Vulnerability Details: CVE-2021-4430
A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 addresses this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability.
Vulnerability category: Information leak
Products affected by CVE-2021-4430
- cpe:2.3:a:ortussolutions:coldbox_elixir:3.1.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-4430
- 0.27%: probability of exploitation activity in the next 30 days
- ~67%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-4430
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.7 | LOW | AV:A/AC:L/Au:S/C:P/I:N/A:N | 5.1 | 2.9 | VulDB | |
3.5 | LOW | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.1 | 1.4 | VulDB | |
3.5 | LOW | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.1 | 1.4 | VulDB | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-4430
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: cna@vuldb.com (Secondary)
References for CVE-2021-4430
- https://github.com/Ortus-Solutions/coldbox-elixir/releases/tag/v3.1.7
  Release v3.1.7 · Ortus-Solutions/coldbox-elixir · GitHub (Release Notes)
- https://vuldb.com/?id.244485
  CVE-2021-4430: Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure (Permissions Required; VDB Entry)
- https://github.com/Ortus-Solutions/coldbox-elixir/commit/a3aa62daea2e44c76d08d1eac63768cd928cd69e
  Fix security vulnerability that echoed out all ENV vars. · Ortus-Solutions/coldbox-elixir@a3aa62d · GitHub (Patch)
- https://vuldb.com/?ctiid.244485
  (Permissions Required; VDB Entry)