CVE-2021-39196
First published: Tue Sep 07 2021(Updated: )
pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround, you must upgrade to v3.12 or greater.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pcapture Project Pcapture | <3.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-39196?
CVE-2021-39196 is a vulnerability in the pcapture open source dumpcap web service interface, which allows an authenticated but unprivileged user to capture and download packets without adequate permissions.
What is the severity of CVE-2021-39196?
The severity of CVE-2021-39196 is high, with a severity value of 6.5.
How does CVE-2021-39196 affect pcapture?
CVE-2021-39196 affects pcapture version up to exclusive 3.12, allowing unauthorized packet capture and download through the REST API.
What is the CWE ID for CVE-2021-39196?
The CWE ID for CVE-2021-39196 is 754 and 287.
How can I fix CVE-2021-39196 in pcapture?
To fix CVE-2021-39196 in pcapture, it is recommended to update to a version beyond 3.12 and apply the necessary security patches.
- collector/nvd-index
- agent/references
- agent/severity
- vendor/pcapture project
- canonical/pcapture project pcapture