Central Dogma
CVE-2021-38388
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.
AnalysisAI
Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Technical ContextAI
This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project. Affected products include: Linecorp Central Dogma.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.
More in Central Dogma
View allCluster-wide remote code execution in LY Corporation's centraldogma-server prior to 0.84.0 occurs when ZooKeeper replica
Man-in-the-middle attacks against LY Corporation's Central Dogma server can compromise mirrored Git repositories in vers
LDAP injection in Central Dogma's Apache Shiro-based authentication module exposes unauthenticated remote attackers to a
Central Dogma versions before 0.78.0 contain an Open Redirect vulnerability that allows attackers to redirect users to u
Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of
Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web scr
Same weakness CWE-862 – Missing Authorization
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today