From eec9bf725dae0e830a09ebb7571c9c11f02350c1 Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Thu, 6 Apr 2023 14:41:34 -0400 Subject: [PATCH] Enhancement: cves/2021/CVE-2021-34429.yaml by md --- cves/2021/CVE-2021-34429.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/cves/2021/CVE-2021-34429.yaml b/cves/2021/CVE-2021-34429.yaml index 50935fbd47..f46fc1c0c8 100644 --- a/cves/2021/CVE-2021-34429.yaml +++ b/cves/2021/CVE-2021-34429.yaml @@ -1,15 +1,16 @@ id: CVE-2021-34429 info: - name: Jetty Authorization Before Parsing and Canonicalization Variation + name: Eclipse Jetty - Improper Authorization author: Bernardo Rodrigues @bernardofsr | André Monteiro @am0nt31r0 severity: medium description: | - For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. + Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. reference: - https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm - https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E - https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E + - https://nvd.nist.gov/vuln/detail/CVE-2021-34429 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 @@ -46,4 +47,6 @@ requests: - type: word part: header words: - - "application/xml" \ No newline at end of file + - "application/xml" + +# Enhanced by md on 2023/04/06