Packagist (Composer) package
cachethq/cachet
pkg:composer/cachethq/cachet
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-43661 | — | < 2.4 | 2.4 | Oct 11, 2023 | Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of th | ||
| CVE-2021-39174 | — | < 2.5.1 | 2.5.1 | Aug 27, 2021 | Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, databa | ||
| CVE-2021-39173 | — | < 2.5.1 | 2.5.1 | Aug 27, 2021 | Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 b | ||
| CVE-2021-39172 | — | < 2.5.1 | 2.5.1 | Aug 27, 2021 | Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. Th | ||
| CVE-2021-39165 | — | <= 2.3.18 | — | Aug 26, 2021 | Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as admini |
- CVE-2023-43661Oct 11, 2023affected < 2.4fixed 2.4
Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of th
- CVE-2021-39174Aug 27, 2021affected < 2.5.1fixed 2.5.1
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, databa
- CVE-2021-39173Aug 27, 2021affected < 2.5.1fixed 2.5.1
Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 b
- CVE-2021-39172Aug 27, 2021affected < 2.5.1fixed 2.5.1
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. Th
- CVE-2021-39165Aug 26, 2021affected <= 2.3.18
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as admini