What is CVE-2021-41232?

CVE-2021-41232 is a high-severity vulnerability in Stevenweathers Thunderdome-planning-poker, classified under LDAP Injection. CVSS score: 8.1/10. Published 2021-11-02.

How severe is CVE-2021-41232?

High severity. CVSS v3 base score is 8.1 out of 10.

LDAP Injection in Stevenweathers Thunderdome-planning-poker

CVE-2021-41232

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is n…

EPSS: 0.005 (66.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L.

Affected products

Stevenweathers Thunderdome-planning-poker — versions < 2.0.0

Weakness classification (CWE)

References

github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-2… (x_refsource_CONFIRM)
github.com/github/securitylab/issues/464 (x_refsource_MISC)
github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3d… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-41232?: CVE-2021-41232 is a high-severity vulnerability in Stevenweathers Thunderdome-planning-poker, classified under LDAP Injection. CVSS score: 8.1/10. Published 2021-11-02.
How severe is CVE-2021-41232?: High severity. CVSS v3 base score is 8.1 out of 10.