CVE-2021-32673 - Vulnerability Details - OpenCVE

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01795.

Key SSVC decision points have not yet been added.

Vendors	Products
Reg-keygen-git-hash Project	Reg-keygen-git-hash

Configuration 1 [-]

cpe:2.3:a:reg-keygen-git-hash_project:reg-keygen-git-hash:*:*:*:*:*:reg-suit:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87
https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16
https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp
https://www.npmjs.com/package/reg-keygen-git-hash-plugin

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-06-08T17:00:13

Updated: 2024-08-03T23:25:31.122Z

Reserved: 2021-05-12T00:00:00

Link: CVE-2021-32673

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-06-08T17:15:07.747

Modified: 2024-11-21T06:07:30.233

Link: CVE-2021-32673

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "reg-suit", "vendor": "reg-viz", "versions": [{"status": "affected", "version": "< 0.10.16"}]}], "descriptions": [{"lang": "en", "value": "reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-08T17:00:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16"}, {"tags": ["x_refsource_MISC"], "url": "https://www.npmjs.com/package/reg-keygen-git-hash-plugin"}], "source": {"advisory": "GHSA-49q3-8867-5wmp", "discovery": "UNKNOWN"}, "title": "Remote Command Execution in reg-keygen-git-hash-plugin", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32673", "STATE": "PUBLIC", "TITLE": "Remote Command Execution in reg-keygen-git-hash-plugin"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "reg-suit", "version": {"version_data": [{"version_value": "< 0.10.16"}]}}]}, "vendor_name": "reg-viz"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT", "availabilityImpact": "LOW", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp", "refsource": "CONFIRM", "url": "https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp"}, {"name": "https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87", "refsource": "MISC", "url": "https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87"}, {"name": "https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16", "refsource": "MISC", "url": "https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16"}, {"name": "https://www.npmjs.com/package/reg-keygen-git-hash-plugin", "refsource": "MISC", "url": "https://www.npmjs.com/package/reg-keygen-git-hash-plugin"}]}, "source": {"advisory": "GHSA-49q3-8867-5wmp", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:25:31.122Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.npmjs.com/package/reg-keygen-git-hash-plugin"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32673", "datePublished": "2021-06-08T17:00:13", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:31.122Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:reg-keygen-git-hash_project:reg-keygen-git-hash:*:*:*:*:*:reg-suit:*:*", "matchCriteriaId": "2AE3DF3E-1C8B-4B8E-AF1B-F251D63BB6FF", "versionEndIncluding": "0.10.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue."}, {"lang": "es", "value": "reg-keygen-git-hash-plugin es un plugin de reg-suit para detectar la clave instant\u00e1nea para ser comparada con el uso de Git commit hash. reg-keygen-git-hash-plugin versiones hasta 0.10.15 e incluy\u00e9ndola, permiten a atacantes remotos a ejecutar comandos arbitrarios. Actualizar a versi\u00f3n 0.10.16 o posterior para resolver este problema"}], "id": "CVE-2021-32673", "lastModified": "2024-11-21T06:07:30.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-08T17:15:07.747", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp"}, {"source": "security-advisories@github.com", "tags": ["Product", "Third Party Advisory"], "url": "https://www.npmjs.com/package/reg-keygen-git-hash-plugin"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://www.npmjs.com/package/reg-keygen-git-hash-plugin"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}