CVE-2021-41232

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-41232
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41232.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-41232
Published
2021-11-02T18:15:08Z
Modified
2025-01-14T22:02:17Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use.

Affected packages

Git / github.com/stevenweathers/thunderdome-planning-poker

Affected ranges

Type
GIT
Repo
https://github.com/stevenweathers/thunderdome-planning-poker
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed