CVE-2021-41123 : Security Advisory and Response
Survey Solutions vulnerability CVE-2021-41123 allows unauthorized access to sensitive metrics. Learn about the impact, affected versions, and mitigation steps for this medium severity issue.
Survey Solutions is a survey management system where the Headquarters application exposes sensitive metrics. This vulnerability, with a CVSS base score of 5.3, impacts versions prior to 21.09.1.
Understanding CVE-2021-41123
Survey Solutions is affected by a vulnerability that allows unauthorized access to sensitive metrics through the /metrics endpoint.
What is CVE-2021-41123?
The vulnerability in Survey Solutions exposes aggregate counters, such as interview counts, to any user, potentially leading to a privacy breach.
The Impact of CVE-2021-41123
- Attack Complexity: Low
- Attack Vector: Network
- Base Score: 5.3 (Medium)
- Confidentiality Impact: Low
- Integrity Impact: None
- Privileges Required: None
- User Interaction: None
- Availability Impact: None
Technical Details of CVE-2021-41123
Survey Solutions vulnerability details and mitigation steps.
Vulnerability Description
The vulnerability allows unauthorized users to access sensitive metrics through the /metrics endpoint.
Affected Systems and Versions
- Product: surveysolutions
- Vendor: surveysolutions
- Versions Affected: < 21.09.1
Exploitation Mechanism
Unauthorized users can exploit the vulnerability to access aggregate counters without permissions.
Mitigation and Prevention
Steps to mitigate the exposure of sensitive information in Survey Solutions.
Immediate Steps to Take
- Update to version 21.09.1 or later where the endpoint is turned off by default.
- Restrict access to the /metrics endpoint.
Long-Term Security Practices
- Regular security assessments of endpoints.
- Implement access controls to prevent unauthorized access.
Patching and Updates
Apply security patches promptly to mitigate the vulnerability.