CVE-2021-25931

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-25931
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25931.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-25931
Aliases
Published
2021-05-20T15:15:07Z
Modified
2024-05-30T03:00:17.087717Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at /opennms/admin/userGroupView/users/updateUser. This flaw allows assigning ROLE_ADMIN security role to a normal user. Using this flaw, an attacker can trick the admin user to assign administrator privileges to a normal user by enticing him to click upon an attacker-controlled website.

References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type
GIT
Repo
https://github.com/opennms/opennms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

meridian-foundation-2015.*

meridian-foundation-2015.1.0-1
meridian-foundation-2015.1.1-1
meridian-foundation-2015.1.10-1
meridian-foundation-2015.1.2-1
meridian-foundation-2015.1.3-1
meridian-foundation-2015.1.4-1
meridian-foundation-2015.1.5-1
meridian-foundation-2015.1.6-1
meridian-foundation-2015.1.7-1

meridian-foundation-2016.*

meridian-foundation-2016.1.1-1
meridian-foundation-2016.1.10-1
meridian-foundation-2016.1.15-1
meridian-foundation-2016.1.2-1
meridian-foundation-2016.1.3-1
meridian-foundation-2016.1.4-1
meridian-foundation-2016.1.5-1
meridian-foundation-2016.1.6-1
meridian-foundation-2016.1.7-1
meridian-foundation-2016.1.9-1

meridian-foundation-2017.*

meridian-foundation-2017.1.0-1
meridian-foundation-2017.1.10-1
meridian-foundation-2017.1.2-1
meridian-foundation-2017.1.3-1
meridian-foundation-2017.1.4-1
meridian-foundation-2017.1.5-1

opennms-1.*

opennms-1.10.0-1
opennms-1.10.1-1
opennms-1.10.10-1
opennms-1.10.11-1
opennms-1.10.12-1
opennms-1.10.13-1
opennms-1.10.14-1
opennms-1.10.2-1
opennms-1.10.3-1
opennms-1.10.4-1
opennms-1.10.5-1
opennms-1.10.6-1
opennms-1.10.7-1
opennms-1.10.8-1
opennms-1.10.9-1
opennms-1.11.0-1
opennms-1.11.1-1
opennms-1.11.3-1
opennms-1.11.90-1
opennms-1.11.91-1
opennms-1.11.92-1
opennms-1.11.93-1
opennms-1.11.94-1
opennms-1.12.0-1
opennms-1.12.1-1
opennms-1.12.2-1
opennms-1.12.3-1
opennms-1.12.4-1
opennms-1.12.5-1
opennms-1.12.6-1
opennms-1.12.7-1
opennms-1.12.8-1
opennms-1.12.9-1
opennms-1.13.0-1
opennms-1.13.1-1
opennms-1.13.2-1
opennms-1.13.3-1
opennms-1.13.4-1
opennms-1.7.9
opennms-1.9.0-1
opennms-1.9.3-2
opennms-1.9.4-1
opennms-1.9.5-1
opennms-1.9.6-1
opennms-1.9.7-1
opennms-1.9.8-1
opennms-1.9.90-1
opennms-1.9.91-1
opennms-1.9.92-1
opennms-1.9.93-1

opennms-14.*

opennms-14.0.0-1
opennms-14.0.1-1
opennms-14.0.2-1
opennms-14.0.3-1
opennms-14.0.3-2

opennms-15.*

opennms-15.0.0-1
opennms-15.0.1-1
opennms-15.0.2-1

opennms-16.*

opennms-16.0.0-1
opennms-16.0.1-1
opennms-16.0.2-1
opennms-16.0.3-1
opennms-16.0.4-1

opennms-17.*

opennms-17.0.0-1
opennms-17.1.0-1
opennms-17.1.1-1
opennms-17.1.1-2
opennms-17.1.1-3

opennms-18.*

opennms-18.0.0-1
opennms-18.0.1-1
opennms-18.0.2-1
opennms-18.0.3-1
opennms-18.0.4-1

opennms-19.*

opennms-19.0.0-1
opennms-19.0.1-1
opennms-19.1.0-1

opennms-20.*

opennms-20.0.0-1
opennms-20.0.1-1
opennms-20.0.2-1
opennms-20.1.0-1

opennms-21.*

opennms-21.0.0-1
opennms-21.0.1-1
opennms-21.0.2-1
opennms-21.0.3-1
opennms-21.0.4-1
opennms-21.0.5-1
opennms-21.1.0-1

opennms-22.*

opennms-22.0.0-1
opennms-22.0.1-1
opennms-22.0.2-1
opennms-22.0.3-1
opennms-22.0.4-1

opennms-23.*

opennms-23.0.0-1
opennms-23.0.1-1
opennms-23.0.2-1
opennms-23.0.3-1
opennms-23.0.4-1

opennms-24.*

opennms-24.0.0-1
opennms-24.1.0-1
opennms-24.1.1-1
opennms-24.1.2-1
opennms-24.1.3-1

opennms-25.*

opennms-25.0.0-1
opennms-25.1.0-1
opennms-25.1.1-1
opennms-25.1.2-1
opennms-25.2.0-1
opennms-25.2.1-1

opennms-26.*

opennms-26.0.0-1
opennms-26.0.1-1
opennms-26.1.0-1
opennms-26.1.1-1

space-integration-12.*

space-integration-12.2-code-freeze