CVE-2021-2322
First published: Wed Jun 23 2021(Updated: )
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenGrok | <=1.6.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVSS score for CVE-2021-2322?
The CVSS score for CVE-2021-2322 is not specified, but it indicates a severe security risk due to the potential for takeover of OpenGrok.
What versions are affected by CVE-2021-2322?
CVE-2021-2322 affects OpenGrok versions 1.6.7 and prior.
How do I fix CVE-2021-2322?
To fix CVE-2021-2322, upgrade OpenGrok to version 1.6.8 or later.
Who can exploit CVE-2021-2322?
CVE-2021-2322 can be easily exploited by a low privileged attacker with network access via HTTPS.
What can result from a successful exploit of CVE-2021-2322?
A successful exploit of CVE-2021-2322 can result in the complete takeover of the OpenGrok application.
- agent/type
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/opengrok
- version/opengrok/1.6.7