CVE-2021-33570 - Vulnerability Details - OpenCVE

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.01707.

Key SSVC decision points have not yet been added.

Vendors	Products
Postbird Project	Postbird

Configuration 1 [-]

cpe:2.3:a:postbird_project:postbird:0.8.4:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-Local-File-Inclusion.html
http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-Data-Storage.html
https://github.com/Paxa/postbird/issues/132
https://github.com/Paxa/postbird/issues/133
https://github.com/Paxa/postbird/issues/134
https://github.com/Tridentsec-io/postbird
https://tridentsec.io/blogs/postbird-cve-2021-33570/
https://www.exploit-db.com/exploits/49910

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-25T21:06:34

Updated: 2024-08-03T23:50:43.174Z

Reserved: 2021-05-25T00:00:00

Link: CVE-2021-33570

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-25T22:15:10.353

Modified: 2024-11-21T06:09:06.647

Link: CVE-2021-33570

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-17T19:16:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/Paxa/postbird/issues/132"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Paxa/postbird/issues/133"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Paxa/postbird/issues/134"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Tridentsec-io/postbird"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-Local-File-Inclusion.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-Data-Storage.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/49910"}, {"tags": ["x_refsource_MISC"], "url": "https://tridentsec.io/blogs/postbird-cve-2021-33570/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33570", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Paxa/postbird/issues/132", "refsource": "MISC", "url": "https://github.com/Paxa/postbird/issues/132"}, {"name": "https://github.com/Paxa/postbird/issues/133", "refsource": "MISC", "url": "https://github.com/Paxa/postbird/issues/133"}, {"name": "https://github.com/Paxa/postbird/issues/134", "refsource": "MISC", "url": "https://github.com/Paxa/postbird/issues/134"}, {"name": "https://github.com/Tridentsec-io/postbird", "refsource": "MISC", "url": "https://github.com/Tridentsec-io/postbird"}, {"name": "http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-Local-File-Inclusion.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-Local-File-Inclusion.html"}, {"name": "http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-Data-Storage.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-Data-Storage.html"}, {"name": "https://www.exploit-db.com/exploits/49910", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/49910"}, {"name": "https://tridentsec.io/blogs/postbird-cve-2021-33570/", "refsource": "MISC", "url": "https://tridentsec.io/blogs/postbird-cve-2021-33570/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:50:43.174Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Paxa/postbird/issues/132"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Paxa/postbird/issues/133"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Paxa/postbird/issues/134"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Tridentsec-io/postbird"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-Local-File-Inclusion.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-Data-Storage.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.exploit-db.com/exploits/49910"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tridentsec.io/blogs/postbird-cve-2021-33570/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33570", "datePublished": "2021-05-25T21:06:34", "dateReserved": "2021-05-25T00:00:00", "dateUpdated": "2024-08-03T23:50:43.174Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postbird_project:postbird:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "65F856E6-B245-4295-A0AC-691C01A9CE2F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections."}, {"lang": "es", "value": "Postbird versi\u00f3n 0.8.4 permite el XSS almacenado a trav\u00e9s del atributo onerror de un elemento IMG en cualquier tabla de la base de datos PostgreSQL. Esto puede resultar en la lectura de archivos locales a trav\u00e9s de vectores que implican XMLHttpRequest y la apertura de una URL file:///, o el descubrimiento de contrase\u00f1as de PostgreSQL a trav\u00e9s de vectores que implican Window.localStorage y savedConnections"}], "id": "CVE-2021-33570", "lastModified": "2024-11-21T06:09:06.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-25T22:15:10.353", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-Local-File-Inclusion.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-Data-Storage.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Paxa/postbird/issues/132"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Paxa/postbird/issues/133"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Paxa/postbird/issues/134"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Tridentsec-io/postbird"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "URL Repurposed"], "url": "https://tridentsec.io/blogs/postbird-cve-2021-33570/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/49910"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-Local-File-Inclusion.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-Data-Storage.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Paxa/postbird/issues/132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Paxa/postbird/issues/133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Paxa/postbird/issues/134"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Tridentsec-io/postbird"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "URL Repurposed"], "url": "https://tridentsec.io/blogs/postbird-cve-2021-33570/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/49910"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}