ID

VAR-202111-0835


CVE

CVE-2021-43495


TITLE

AlquistManager  Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015156

DESCRIPTION

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. AlquistManager Exists in a past traversal vulnerability.Information may be obtained. Alquist is an advanced conversational Ai robot. For interesting and engaging conversations with humans on trending topics such as movies, sports, news, etc. There is a security vulnerability in Alquist Manager, which is caused by the lack of effective filtering and escaping of path data submitted by users in the alquist/IO/input.py file in the software, resulting in a directory traversal vulnerability. No detailed vulnerability details are currently available

Trust: 2.25

sources: NVD: CVE-2021-43495 // JVNDB: JVNDB-2021-015156 // CNVD: CNVD-2022-10717 // VULMON: CVE-2021-43495

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-10717

AFFECTED PRODUCTS

vendor:alquistaimodel:alquistscope:eqversion:2017-06-13

Trust: 1.6

vendor:alquist aimodel:alquistscope: - version: -

Trust: 0.8

vendor:alquist aimodel:alquistscope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2022-10717 // JVNDB: JVNDB-2021-015156 // NVD: CVE-2021-43495

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43495
value: HIGH

Trust: 1.0

NVD: CVE-2021-43495
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-10717
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202111-1486
value: HIGH

Trust: 0.6

VULMON: CVE-2021-43495
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-43495
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-10717
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-43495
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-43495
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-10717 // VULMON: CVE-2021-43495 // JVNDB: JVNDB-2021-015156 // CNNVD: CNNVD-202111-1486 // NVD: CVE-2021-43495

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-015156 // NVD: CVE-2021-43495

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1486

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202111-1486

PATCH

title:[Security]url:https://github.com/AlquistManager/alquist/issues/43

Trust: 0.8

title:Kenzer Templates [5170] [DEPRECATED]url:https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2021-43495 // JVNDB: JVNDB-2021-015156

EXTERNAL IDS

db:NVDid:CVE-2021-43495

Trust: 3.9

db:JVNDBid:JVNDB-2021-015156

Trust: 0.8

db:CNVDid:CNVD-2022-10717

Trust: 0.6

db:CNNVDid:CNNVD-202111-1486

Trust: 0.6

db:VULMONid:CVE-2021-43495

Trust: 0.1

sources: CNVD: CNVD-2022-10717 // VULMON: CVE-2021-43495 // JVNDB: JVNDB-2021-015156 // CNNVD: CNNVD-202111-1486 // NVD: CVE-2021-43495

REFERENCES

url:https://github.com/alquistmanager/alquist/issues/43

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-43495

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

sources: CNVD: CNVD-2022-10717 // VULMON: CVE-2021-43495 // JVNDB: JVNDB-2021-015156 // CNNVD: CNNVD-202111-1486 // NVD: CVE-2021-43495

SOURCES

db:CNVDid:CNVD-2022-10717
db:VULMONid:CVE-2021-43495
db:JVNDBid:JVNDB-2021-015156
db:CNNVDid:CNNVD-202111-1486
db:NVDid:CVE-2021-43495

LAST UPDATE DATE

2024-11-23T23:01:00.912000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-10717date:2022-02-16T00:00:00
db:VULMONid:CVE-2021-43495date:2021-11-18T00:00:00
db:JVNDBid:JVNDB-2021-015156date:2022-11-10T07:16:00
db:CNNVDid:CNNVD-202111-1486date:2021-11-25T00:00:00
db:NVDid:CVE-2021-43495date:2024-11-21T06:29:19.040

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-10717date:2022-02-16T00:00:00
db:VULMONid:CVE-2021-43495date:2021-11-15T00:00:00
db:JVNDBid:JVNDB-2021-015156date:2022-11-10T00:00:00
db:CNNVDid:CNNVD-202111-1486date:2021-11-15T00:00:00
db:NVDid:CVE-2021-43495date:2021-11-15T13:15:07.663