CVE-2021-4258 - Vulnerability Details - OpenCVE

A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Whohas Project	Whohas

Configuration 1 [-]

cpe:2.3:a:whohas_project:whohas:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472
https://vuldb.com/?id.216251

History

Tue, 15 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-12-19T00:00:00.000Z

Updated: 2025-04-15T12:57:31.202Z

Reserved: 2022-12-19T00:00:00.000Z

Link: CVE-2021-4258

Vulnrichment

Updated: 2024-08-03T17:23:10.293Z

NVD

Status : Modified

Published: 2022-12-19T14:15:10.383

Modified: 2024-11-21T06:37:15.270

Link: CVE-2021-4258

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-4258", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2025-04-15T12:57:31.202Z", "dateReserved": "2022-12-19T00:00:00.000Z", "datePublished": "2022-12-19T00:00:00.000Z"}, "containers": {"cna": {"title": "whohas Package Information cleartext transmission", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-19T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack."}], "tags": ["disputed"], "affected": [{"vendor": "unspecified", "product": "whohas", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472"}, {"url": "https://vuldb.com/?id.216251"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-310 Cryptographic Issues -> CWE-319 Cleartext Transmission of Sensitive Information", "cweId": "CWE-310"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.293Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.216251", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T17:01:08.408182Z", "id": "CVE-2021-4258", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T12:57:31.202Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-4258", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2025-04-15T12:57:31.202Z", "dateReserved": "2022-12-19T00:00:00.000Z", "datePublished": "2022-12-19T00:00:00.000Z"}, "containers": {"cna": {"title": "whohas Package Information cleartext transmission", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-19T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack."}], "tags": ["disputed"], "affected": [{"vendor": "unspecified", "product": "whohas", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472"}, {"url": "https://vuldb.com/?id.216251"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-310 Cryptographic Issues -> CWE-319 Cleartext Transmission of Sensitive Information", "cweId": "CWE-310"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.293Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.216251", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-4258", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T17:01:08.408182Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T17:01:15.249Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:whohas_project:whohas:*:*:*:*:*:*:*:*", "matchCriteriaId": "3260C8E2-6A86-4CA6-834C-265BAB0E4FE8", "versionEndExcluding": "2021-11-01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en whohas. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del componente Package Information Handler. La manipulaci\u00f3n conduce a la transmisi\u00f3n en texto plano de informaci\u00f3n confidencial. El ataque puede iniciarse de forma remota. Por el momento todav\u00eda se duda de la existencia real de esta vulnerabilidad. El nombre del parche es 667c3e2e9178f15c23d7918b5db25cd0792c8472. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-216251. NOTA: La mayor\u00eda de las fuentes redirigen al sitio cifrado, lo que limita las posibilidades de un ataque."}], "id": "CVE-2021-4258", "lastModified": "2024-11-21T06:37:15.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-19T14:15:10.383", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.216251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.216251"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}