CVE-2021-32814 - OpenCVE

Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Skytable	Skytable

Configuration 1 [-]

cpe:2.3:a:skytable:skytable:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17
https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e
https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7
https://security.skytable.io/ve/s/00001.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-08-03T16:25:12

Updated: 2024-08-03T23:33:55.853Z

Reserved: 2021-05-12T00:00:00

Link: CVE-2021-32814

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-03T17:15:12.043

Modified: 2021-08-11T17:05:39.690

Link: CVE-2021-32814

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "skytable", "vendor": "skytable", "versions": [{"status": "affected", "version": "< 0.5.1"}]}], "descriptions": [{"lang": "en", "value": "Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-03T16:25:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17"}, {"tags": ["x_refsource_MISC"], "url": "https://security.skytable.io/ve/s/00001.html"}], "source": {"advisory": "GHSA-2hj9-cxmc-m4g7", "discovery": "UNKNOWN"}, "title": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Skytable", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32814", "STATE": "PUBLIC", "TITLE": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Skytable"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "skytable", "version": {"version_data": [{"version_value": "< 0.5.1"}]}}]}, "vendor_name": "skytable"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7", "refsource": "CONFIRM", "url": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7"}, {"name": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e", "refsource": "MISC", "url": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e"}, {"name": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17", "refsource": "MISC", "url": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17"}, {"name": "https://security.skytable.io/ve/s/00001.html", "refsource": "MISC", "url": "https://security.skytable.io/ve/s/00001.html"}]}, "source": {"advisory": "GHSA-2hj9-cxmc-m4g7", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:33:55.853Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.skytable.io/ve/s/00001.html"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32814", "datePublished": "2021-08-03T16:25:12", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:55.853Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:skytable:skytable:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB4104E6-477A-4B3F-9D87-2F9766EB2FE6", "versionEndExcluding": "0.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading."}, {"lang": "es", "value": "Skytable es una base de datos NoSQL con instant\u00e1neas automatizadas y TLS. Unas versiones anteriores a 0.5.1 son vulnerables a un ataque de salto de directorio que permite a clientes conectados remotamente destruir y/o manipular archivos cr\u00edticos en el sistema de archivos del host. Este bug de seguridad ha sido parcheado en la versi\u00f3n 0.5.1. No hay soluciones conocidas aparte de la actualizaci\u00f3n"}], "id": "CVE-2021-32814", "lastModified": "2021-08-11T17:05:39.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.4, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-08-03T17:15:12.043", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://security.skytable.io/ve/s/00001.html"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}