CVE-2021-41185
Last modified
CVE-2021-41185 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. EPSS estimates a 1.38% chance of exploitation in the next 30 days.
Description
Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mycodo Project | Mycodo | < 8.12.7 |
References
- https://github.com/kizniche/Mycodo/commit/23ac5dd422029c2b6ae1701a3599b6d41b66a6a9Patch, Third Party Advisory
- https://github.com/kizniche/Mycodo/issues/1105Issue Tracking, Third Party Advisory
- https://github.com/kizniche/Mycodo/releases/tag/v8.12.7Release Notes, Third Party Advisory
- https://github.com/kizniche/Mycodo/security/advisories/GHSA-252r-94ph-m229Patch, Third Party Advisory
- https://github.com/kizniche/Mycodo/commit/23ac5dd422029c2b6ae1701a3599b6d41b66a6a9Patch, Third Party Advisory
- https://github.com/kizniche/Mycodo/issues/1105Issue Tracking, Third Party Advisory
- https://github.com/kizniche/Mycodo/releases/tag/v8.12.7Release Notes, Third Party Advisory
- https://github.com/kizniche/Mycodo/security/advisories/GHSA-252r-94ph-m229Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-41185?
How severe is CVE-2021-41185?
How do I fix CVE-2021-41185?
Are you affected by CVE-2021-41185?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST