CVE-2021-43851 - OpenCVE

Vendors	Products
Anuko	Time Tracker

Link	Providers
https://github.com/anuko/timetracker/commit/0cf32f1046418aa2e5218b0b370064820c330c6a
https://github.com/anuko/timetracker/commit/94fda0cc0c9c20ab98d38ccc75ff040d13dc7f1b
https://github.com/anuko/timetracker/security/advisories/GHSA-wx6x-6rq3-pqcc

{"containers": {"cna": {"affected": [{"product": "timetracker", "vendor": "anuko", "versions": [{"status": "affected", "version": "< 1.19.33.5607"}]}], "descriptions": [{"lang": "en", "value": "Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the \"group\" and \"status\" parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-21T23:40:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/anuko/timetracker/security/advisories/GHSA-wx6x-6rq3-pqcc"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/anuko/timetracker/commit/0cf32f1046418aa2e5218b0b370064820c330c6a"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/anuko/timetracker/commit/94fda0cc0c9c20ab98d38ccc75ff040d13dc7f1b"}], "source": {"advisory": "GHSA-wx6x-6rq3-pqcc", "discovery": "UNKNOWN"}, "title": "SQL injection vulnerability in anuko timetracker", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43851", "STATE": "PUBLIC", "TITLE": "SQL injection vulnerability in anuko timetracker"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "timetracker", "version": {"version_data": [{"version_value": "< 1.19.33.5607"}]}}]}, "vendor_name": "anuko"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the \"group\" and \"status\" parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/anuko/timetracker/security/advisories/GHSA-wx6x-6rq3-pqcc", "refsource": "CONFIRM", "url": "https://github.com/anuko/timetracker/security/advisories/GHSA-wx6x-6rq3-pqcc"}, {"name": "https://github.com/anuko/timetracker/commit/0cf32f1046418aa2e5218b0b370064820c330c6a", "refsource": "MISC", "url": "https://github.com/anuko/timetracker/commit/0cf32f1046418aa2e5218b0b370064820c330c6a"}, {"name": "https://github.com/anuko/timetracker/commit/94fda0cc0c9c20ab98d38ccc75ff040d13dc7f1b", "refsource": "MISC", "url": "https://github.com/anuko/timetracker/commit/94fda0cc0c9c20ab98d38ccc75ff040d13dc7f1b"}]}, "source": {"advisory": "GHSA-wx6x-6rq3-pqcc", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:10:16.291Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/anuko/timetracker/security/advisories/GHSA-wx6x-6rq3-pqcc"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/anuko/timetracker/commit/0cf32f1046418aa2e5218b0b370064820c330c6a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/anuko/timetracker/commit/94fda0cc0c9c20ab98d38ccc75ff040d13dc7f1b"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43851", "datePublished": "2021-12-21T23:40:10", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:10:16.291Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:anuko:time_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "29EAC4EA-8F91-4D0F-89AF-6A1593DF42A8", "versionEndExcluding": "1.19.33.5607", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the \"group\" and \"status\" parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file."}, {"lang": "es", "value": "Anuko Time Tracker es una aplicaci\u00f3n de seguimiento del tiempo de c\u00f3digo abierto, basada en la web y escrita en PHP. Se presenta una vulnerabilidad de inyecci\u00f3n SQL en m\u00faltiples archivos de Time Tracker versi\u00f3n 1.19.33.5606 y anteriores, debido a que no se comprueban correctamente los par\u00e1metros \"group\" y \"status\" en las peticiones POST. El par\u00e1metro \"group\" es contabilizado cuando se navega entre subgrupos de la organizaci\u00f3n (archivo groups.php). El par\u00e1metro de estado es usado en varios archivos para cambiar el estado de una entidad, como por ejemplo, hacer que un proyecto, una tarea o un usuario est\u00e9n inactivos. Este problema ha sido parcheado en la versi\u00f3n 1.19.33.5607. Se recomienda encarecidamente una actualizaci\u00f3n. Si la actualizaci\u00f3n no es pr\u00e1ctica, introduzca la funci\u00f3n ttValidStatus como en la \u00faltima versi\u00f3n y comience a usarla en los bloques de comprobaci\u00f3n de entrada de usuarios donde es usado el campo status. Para la correcci\u00f3n de groups.php, introduzca la funci\u00f3n ttValidInteger como en la \u00faltima versi\u00f3n y \u00fasela en el bloque de comprobaci\u00f3n de acceso del archivo"}], "id": "CVE-2021-43851", "lastModified": "2021-12-28T14:58:23.080", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-12-22T00:15:09.987", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/anuko/timetracker/commit/0cf32f1046418aa2e5218b0b370064820c330c6a"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/anuko/timetracker/commit/94fda0cc0c9c20ab98d38ccc75ff040d13dc7f1b"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/anuko/timetracker/security/advisories/GHSA-wx6x-6rq3-pqcc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object