{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T22:09:07.352","vulnerabilities":[{"cve":{"id":"CVE-2021-39165","sourceIdentifier":"security-advisories@github.com","published":"2021-08-26T21:15:10.053","lastModified":"2024-11-21T06:18:46.087","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected."},{"lang":"es","value":"Cachet es una página de estado de código abierto. Con Cachet versiones anteriores a 2.3.18 incluyéndola, se presenta una inyección SQL que se encuentra en la función \"SearchableTrait#scopeSearch()\". Unos atacantes sin autenticación pueden utilizar esta vulnerabilidad para exfiltrar datos confidenciales de la base de datos, como la contraseña y la sesión del administrador. El repositorio original de Cachet (https://github.com/CachetHQ/Cachet) no está activo, la versión estable 2.3.18 y su rama 2.4 en desarrollo están afectadas."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"},{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chachethq:cachet:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.18","matchCriteriaId":"B3A34C33-07F1-4AED-AB3E-236B6B5DF306"}]}]}],"references":[{"url":"https://github.com/fiveai/Cachet/commit/27bca8280419966ba80c6fa283d985ddffa84bb6","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/fiveai/Cachet/commit/27bca8280419966ba80c6fa283d985ddffa84bb6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}