CVE-2021-21979
Published Mar 3, 2021
Last updated 3 years ago
Overview
- Description
- In Bitnami Containers, all Laravel container versions prior to 6.20.0-debian-10-r107 (Laravel 6), 7.30.1-debian-10-r108 (Laravel 7) and 8.5.11-debian-10-r0 (Laravel 8) are affected: the file /tmp/app/.env is generated when the bitnami/laravel Docker image is built, so under certain conditions the value of APP_KEY is fixed. In that case the key is part of the image itself, and every deployment started from the same image can end up sharing it. APP_KEY is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application. Moving to a fixed image version may not by itself replace a key that an existing deployment has already been using, so an application that ran with the image-provided APP_KEY should also be given a newly generated one.
- Source
- security@vmware.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-798 (Use of Hard-coded Credentials)
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "1C7CED2A-9A85-419B-ADFE-F6AE73E1555B", "versionEndIncluding": "6.0.2-debian-9-r22", "versionStartIncluding": "6.0.2-debian-9-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "FCB1050D-3846-4787-8A7B-43A308E5C21A", "versionEndIncluding": "6.4.0-debian-9-r31", "versionStartIncluding": "6.4.0-debian-9-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "3E7032B5-FF3E-45D7-8F77-E678D93E7278", "versionEndIncluding": "6.5.2-debian-9-r20", "versionStartIncluding": "6.5.2-debian-9-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "243D681C-4017-49CB-8059-EA8BE15A6056", "versionEndIncluding": "6.8.0-debian-9-r26", "versionStartIncluding": "6.8.0-debian-9-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "04949BF0-3329-411A-9DCC-44143ADEF25B", "versionEndIncluding": "6.12.0-debian-10-r33", "versionStartIncluding": "6.12.0-debian-9-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "CF1507FE-A93F-44E5-BB60-C88CD49EEA4E", "versionEndIncluding": "6.18.0-debian-10-r21", "versionStartIncluding": "6.18.0-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "4262A5D9-7BBD-4782-9260-486124D4A800", "versionEndIncluding": "6.18.3-debian-10-r22", "versionStartIncluding": "6.18.3-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "4EA20993-0FF6-498D-90E0-9D48ECCE1E34", "versionEndIncluding": "6.18.8-debian-10-r110", "versionStartIncluding": "6.18.8-debian-10-r0" }, { "criteria": 
"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "01035E72-A4B1-4B66-AEBA-680D7D81B8D5", "versionEndIncluding": "6.18.35-debian-10-r66", "versionStartIncluding": "6.18.35-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "635AE898-5216-4F6D-8908-ADAD2053318F", "versionEndExcluding": "6.20.0-debian-10-r107", "versionStartIncluding": "6.20.0-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "C5BC1638-AFC3-49BB-9888-D04E5EDD4106", "versionEndIncluding": "7.0.0-debian-10-r7", "versionStartIncluding": "7.0.0-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "25B5235E-27DF-4032-94B7-ACD6CFA6F9B8", "versionEndIncluding": "7.3.0-debian-10-r20", "versionStartIncluding": "7.3.0-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "B086553E-7236-4783-8C90-D876B35E1066", "versionEndIncluding": "7.6.0-debian-10-r38", "versionStartIncluding": "7.6.0-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "BDFC7B0A-2D11-43AC-8493-2834C99049CB", "versionEndIncluding": "7.12.0-debian-10-r72", "versionStartIncluding": "7.12.0-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "5FBFEC8E-B9EC-45CF-870E-9EED6ECFC74C", "versionEndIncluding": "7.25.0-debian-10-r16", "versionStartIncluding": "7.25.0-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "DC7AA5BC-9842-4C73-96E7-F819467B7ADB", "versionEndIncluding": "7.28.0-debian-10-r50", "versionStartIncluding": "7.28.0-debian-10-r0" }, { "criteria": 
"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "AB4F98CC-3DE0-4D18-896A-13CFC35256EA", "versionEndExcluding": "7.30.1-debian-10-r108", "versionStartIncluding": "7.30.1-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "6B1F16C0-2044-4B62-9B19-43BBC2A47E23", "versionEndIncluding": "8.0.1-debian-10-r7", "versionStartIncluding": "8.0.1-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "EE8EB91F-033E-4479-8A36-F72FCC8F5DBE", "versionEndIncluding": "8.0.3-debian-10-r18", "versionStartIncluding": "8.0.3-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "7853E367-D088-4879-AB1A-80ADC8C2184B", "versionEndIncluding": "8.1.0-debian-10-r7", "versionStartIncluding": "8.1.0-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "BA18569B-C219-4455-BF4C-46E414CE5432", "versionEndIncluding": "8.2.0-debian-10-r8", "versionStartIncluding": "8.2.0-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "50931BC5-469F-48AD-82C1-DF6E3354B2CF", "versionEndIncluding": "8.4.0-debian-10-r10", "versionStartIncluding": "8.4.0-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "05D61B80-5874-440B-BD47-1FFA37A595C9", "versionEndIncluding": "8.4.1-debian-10-r6", "versionStartIncluding": "8.4.1-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "E1D840C7-6F4A-4BA9-9C3C-5499991051B1", "versionEndIncluding": "8.4.2-debian-10-r4", "versionStartIncluding": "8.4.2-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", 
"vulnerable": true, "matchCriteriaId": "A2CB8B4A-7676-486B-8D04-F10A5FCA864D", "versionEndIncluding": "8.4.3-debian-10-r6", "versionStartIncluding": "8.4.3-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "9A8F496F-5FFA-4CCD-8DE9-A7750E2C93B7", "versionEndIncluding": "8.4.4-debian-10-r6", "versionStartIncluding": "8.4.4-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "AF0E5F60-33C6-42FB-8046-5F11904E1042", "versionEndIncluding": "8.5.5-debian-10-r11", "versionStartIncluding": "8.5.5-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "096D7491-1E6D-4879-865C-1188D4DDBB28", "versionEndIncluding": "8.5.6-debian-10-r13", "versionStartIncluding": "8.5.6-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "EA7227A6-F123-403C-BD15-3EB2189505FD", "versionEndIncluding": "8.5.7-debian-10-r6", "versionStartIncluding": "8.5.7-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "4BBC7AAA-1BB2-4B13-BF9F-AB4DC4AAE972", "versionEndIncluding": "8.5.8-debian-10-r5", "versionStartIncluding": "8.5.8-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "9B55A310-5C1C-4DA3-B618-146DA68B6F57", "versionEndIncluding": "8.5.9-debian-10-r25", "versionStartIncluding": "8.5.9-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "2AC8F0ED-0AAF-48D8-9A43-6AB3D70AB991", "versionEndIncluding": "8.5.10-debian-10-r6", "versionStartIncluding": "8.5.10-debian-10-r0" }, { "criteria": "cpe:2.3:a:bitnami:containers:6.19.0-debian-10-r0:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": 
"0441223A-AF20-402D-9953-2DB29FF07232" }, { "criteria": "cpe:2.3:a:bitnami:containers:7.29.0-debian-10-r0:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "12D9A722-790F-4244-9209-19D61723AA89" }, { "criteria": "cpe:2.3:a:bitnami:containers:7.30.0-debian-10-r0:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "888EAFDD-8BC1-4C92-9AD8-6302D72A3674" }, { "criteria": "cpe:2.3:a:bitnami:containers:8.3.0-debian-10-r0:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "640CB6F5-F58D-402D-8F11-786145B2F920" }, { "criteria": "cpe:2.3:a:bitnami:containers:8.5.2-debian-10-r0:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "A34EA38A-F55A-4448-9D2D-A89D816866EC" }, { "criteria": "cpe:2.3:a:bitnami:containers:8.5.2-debian-10-r1:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "66151425-8125-4C52-9320-7C471A072436" }, { "criteria": "cpe:2.3:a:bitnami:containers:8.5.3-debian-10-r0:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "588EB5F3-7A30-4DD9-976E-5A00B151B48A" }, { "criteria": "cpe:2.3:a:bitnami:containers:8.5.4-debian-10-r0:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "849C9414-78C1-412C-91F3-43D3D3814FAD" }, { "criteria": "cpe:2.3:a:bitnami:containers:8.5.4-debian-10-r1:*:*:*:*:laravel:*:*", "vulnerable": true, "matchCriteriaId": "1D9B42D4-4856-400D-9590-7EC976A915E5" } ], "operator": "OR" } ] } ]