CVE-2021-41123

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-41123
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41123.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-41123
Related
  • GHSA-6c7j-7jf3-9p3j
Published
2021-10-04T23:15:08.470Z
Modified
2026-04-10T04:51:21.483925Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default.

References

Affected packages

Git / github.com/surveysolutions/surveysolutions

Affected ranges

Type
GIT
Repo
https://github.com/surveysolutions/surveysolutions
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
79b98434b8f674efb78af049f1e38c0148621ec3
Fixed
99e7e8345cb98f2eda08e37976e3d3aeb49971c9
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "21.09.1"
        }
    ]
}

Affected versions

v20.*
v20.09
v20.12
v21.*
v21.01.1
v21.01.3
v21.01.5
v21.01.6
v21.01.7
v21.01.8
v21.05
v21.05.1
v21.05.2
v21.05.3
v21.05.4
v21.05.5
v21.05.6
v21.05.7
v21.05.8
v21.06
v21.06.1
v21.06.2
v21.06.3
v21.09

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41123.json"