2021-01-02 04:56:15 +00:00
id : CVE-2020-26214
2020-11-07 10:47:02 +00:00
2022-04-22 10:38:41 +00:00
info :
2022-04-25 14:35:07 +00:00
name : Alerta < 8.1.0 - Authentication Bypass
2022-07-13 17:36:28 +00:00
author : CasperGN,daffainfo
2020-11-07 10:47:02 +00:00
severity : critical
2022-04-25 14:35:07 +00:00
description : Alerta prior to version 8.1.0 is prone to authentication bypass when using LDAP as an authorization provider and the LDAP server accepts Unauthenticated Bind requests.
2023-09-06 12:22:36 +00:00
remediation : |
Upgrade Alerta to version 8.1.0 or later to mitigate this vulnerability.
2021-08-18 11:37:49 +00:00
reference :
2021-03-11 10:26:36 +00:00
- https://github.com/advisories/GHSA-5hmm-x8q8-w5jh
- https://tools.ietf.org/html/rfc4513#section-5.1.2
- https://pypi.org/project/alerta-server/8.1.0/
2022-03-29 10:33:49 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-26214
2023-07-11 19:49:27 +00:00
- https://github.com/alerta/alerta/commit/2bfa31779a4c9df2fa68fa4d0c5c909698c5ef65
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-26214
cwe-id : CWE-287
2023-10-26 18:00:24 +00:00
epss-score : 0.01546
2023-11-23 06:31:41 +00:00
epss-percentile : 0.85694
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:a:alerta_project:alerta:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : alerta_project
product : alerta
tags : cve,cve2020,alerta,auth-bypass
2020-11-07 10:47:02 +00:00
2023-04-27 04:28:59 +00:00
http :
2020-11-07 10:47:02 +00:00
- method : GET
path :
- '{{BaseURL}}/api/config'
matchers-condition : and
matchers :
2023-07-11 19:49:27 +00:00
- type : dsl
dsl :
- compare_versions(version, '< 8.1.0')
2022-07-09 10:45:55 +00:00
- type : word
2020-11-07 10:47:02 +00:00
part : body
2022-07-09 10:45:55 +00:00
words :
- '"alarm_model"'
- '"actions"'
- '"severity"'
condition : and
2022-07-13 17:38:07 +00:00
- type : status
status :
- 200
extractors :
- type : regex
name : version
group : 1
regex :
- '"name": "Alerta ([0-9.]+)"'
2023-07-11 19:49:27 +00:00
internal : true
2022-07-13 17:38:07 +00:00
2022-07-13 17:45:25 +00:00
- type : regex
group : 1
regex :
- '"name": "Alerta ([0-9.]+)"'
2023-11-21 07:14:20 +00:00
# digest: 490a00463044022010cd62a9d4be24b8ec6e36bca5c4fefe7f4473e4e9016aa681b12b1c16e26d180220321944b27647cca8326c1450363534f6ec8a9965eec9655b2ea7288523f4a078:922c64590222798bb761d5b6d8e72950