Vulnerability in Fiveai Cachet

CVE-2021-39174

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_K…

EPSS: 0.517 (98.0th percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2021-39174?
CVE-2021-39174 is a high-severity vulnerability in Fiveai Cachet, classified under CWE-75. CVSS score: 8.8/10. Published 2021-08-27.

How severe is CVE-2021-39174?
High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2021-39174 known to be exploited?
11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.