CVE-2021-42948

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-42948

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42948.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-42948

Related

UBUNTU-CVE-2021-42948

Published

2022-09-16T16:15:09Z

Modified

2024-09-18T03:16:40.627410Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.

References

Affected packages

Debian:11 / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/debian/hoteldruid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.1-1

3.0.3-1

3.0.4-1

3.0.5-1

3.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/debian/hoteldruid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/debian/hoteldruid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}