CVE-2021-26920

{"id": "CVE-2021-26920", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-07-02T08:15:08.590", "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/07/02/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2021/09/24/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r29e45561343cc5cf7d3290ee0b0e94e565faab19c20d022df9b5e29c%40%3Cdev.druid.apache.org%3E", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r304dfe56a5dfe1b2d9166b24d2c74ad1c6730338b20aef77a00ed2be%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r61aab724cf97d80da7f02d50e9af6de5c7c40dd92dab7518746fbaa2%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E", "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-610"}]}], "descriptions": [{"lang": "en", "value": "In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource."}, {"lang": "es", "value": "En el sistema de ingesti\u00f3n de Druid, el InputSource es usado para leer datos de una determinada fuente de datos. Sin embargo, el HTTP InputSource permite a usuarios autenticados leer datos de otras fuentes distintas a las previstas, como el sistema de archivos local, con los privilegios del proceso del servidor Druid. Esto no es una elevaci\u00f3n de privilegios cuando unos usuarios acceden a Druid directamente, ya que Druid tambi\u00e9n proporciona el InputSource Local, que permite el mismo nivel de acceso. Pero es problem\u00e1tico cuando unos usuarios interact\u00faan con Druid indirectamente mediante una aplicaci\u00f3n que permite a usuarios especificar el HTTP InputSource, pero no el Local InputSource. En este caso, unos usuarios podr\u00edan omitir la restricci\u00f3n a nivel de aplicaci\u00f3n pasando una URL de archivo al HTTP InputSource"}], "lastModified": "2023-11-07T03:31:49.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:druid:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A299C23-7F4F-4654-AD2D-BCD7867D27DB", "versionEndExcluding": "0.22.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}