CVE: CVE-2021-41232

Export to Word

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

S9 – Sabotage of System/App

EPSS

Score: 0.00492
Percentile: 0.64645

CVSS Scoring

CVSS v3.1 Score: 8.1

Severity: HIGH

Mapped CWE(s)

CWE-116 : Improper Encoding or Escaping of Output
CWE-74 : Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-90 : Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

All CAPEC(s)

CAPEC-10: Buffer Overflow via Environment Variables
CAPEC-101: Server Side Include (SSI) Injection
CAPEC-104: Cross Zone Scripting
CAPEC-105: HTTP Request Splitting
CAPEC-108: Command Line Execution through SQL Injection
CAPEC-120: Double Encoding
CAPEC-13: Subverting Environment Variable Values
CAPEC-135: Format String Injection
CAPEC-136: LDAP Injection
CAPEC-14: Client-side Injection-induced Buffer Overflow
CAPEC-24: Filter Failure through Buffer Overflow
CAPEC-250: XML Injection
CAPEC-267: Leverage Alternate Encoding
CAPEC-273: HTTP Response Smuggling
CAPEC-28: Fuzzing
CAPEC-3: Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-34: HTTP Response Splitting
CAPEC-42: MIME Conversion
CAPEC-43: Exploiting Multiple Input Interpretation Layers
CAPEC-45: Buffer Overflow via Symbolic Links
CAPEC-46: Overflow Variables and Tags
CAPEC-47: Buffer Overflow via Parameter Expansion
CAPEC-51: Poison Web Service Registry
CAPEC-52: Embedding NULL Bytes
CAPEC-53: Postfix, Null Terminate, and Backslash
CAPEC-6: Argument Injection
CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-67: String Format Overflow in syslog()
CAPEC-7: Blind SQL Injection
CAPEC-71: Using Unicode Encoding to Bypass Validation Logic
CAPEC-72: URL Encoding
CAPEC-73: User-Controlled Filename
CAPEC-76: Manipulating Web Input to File System Calls
CAPEC-78: Using Escaped Slashes in Alternate Encoding
CAPEC-79: Using Slashes in Alternate Encoding
CAPEC-8: Buffer Overflow in an API Call
CAPEC-80: Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-81: Web Server Logs Tampering
CAPEC-83: XPath Injection
CAPEC-84: XQuery Injection
CAPEC-85: AJAX Footprinting
CAPEC-9: Buffer Overflow in Local Command-Line Utilities

CAPEC(s) with Mapped TTPs

CAPEC-13: Subverting Environment Variable Values
Mapped TTPs:
- T1562.003 : Impair Command History Logging
- T1574.006 : Dynamic Linker Hijacking
- T1574.007 : Path Interception by PATH Environment Variable
CAPEC-267: Leverage Alternate Encoding
Mapped TTPs:
- T1027 : Obfuscated Files or Information

Mapped ATT&CK TTPs

T1562.003 : Impair Command History Logging
Kill Chain: defense-evasion
T1574.006 : Dynamic Linker Hijacking
Kill Chain: persistence
T1574.007 : Path Interception by PATH Environment Variable
Kill Chain: persistence
T1027 : Obfuscated Files or Information
Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

ArcaneDoor
2016 Ukraine Electric Power Attack
C0015
C0017

Affected Products

cpe:2.3:a:thunderdome:planning_poker:*:*:*:*:*:*:*:*

← Back to Home