Home > Vulnerability Database > CVE-2021-41232

Mend.io Vulnerability Database

CVE-2021-41232

Good to know:

Date: November 2, 2021

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use.

Language: Go

Severity Score

6.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-41232

Url: https://github.com/github/securitylab/issues/464#issuecomment-957094994

Url: https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj

Url: https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1

Url: https://www.mend.io/vulnerability-database/CVE-2021-41232

Severity Score

6.5

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

CWE-90

Improper Encoding or Escaping of Output

CWE-116

Injection

CWE-74

Top Fix

Upgrade Version

Upgrade to version v1.16.3

Learn More

CVSS v3

Base Score:	6.5
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	7.2
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-41232

Good to know:

Date: November 2, 2021

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?