CVE-2021-21371

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-21371
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21371.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-21371
Aliases
Related
Published
2021-03-10T22:15:12Z
Modified
2025-01-15T01:47:26.131467Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run arbitrary commands through the yaml.load() method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is fixed in version 1.1.21 by using yaml.safe_load() instead of yaml.load().

References

Affected packages

Git / github.com/tenable/integration-jira-cloud

Affected ranges

Type
GIT
Repo
https://github.com/tenable/integration-jira-cloud
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.0
1.1.0
1.1.1
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.2
1.1.20
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9