Vulnerability DatabaseCVE-2021-3305

CVE-2021-3305:
NixOS vulnerability analysis and mitigation

Overview

Beijing Feishu Technology Co., Ltd Feishu (also known as Lark) version 3.40.3 was discovered to contain an untrusted search path vulnerability. The vulnerability was identified and tracked as CVE-2021-3305, affecting versions from 3.40.3 up to 3.41.3 (NVD).

Technical details

The vulnerability is classified as an untrusted search path vulnerability, identified as CWE-426. The severity assessment according to CVSS 3.1 indicates a High severity with a Base Score of 7.8. The attack vector is Local (AV:L), with Low attack complexity (AC:L), requiring No privileges (PR:N), and User interaction (UI:R). The scope is Unchanged (S:U), with High impact on Confidentiality, Integrity, and Availability (C:H/I:H/A:H) (NVD).

Impact

The vulnerability could potentially lead to significant security implications with High impact ratings across Confidentiality, Integrity, and Availability. This indicates that successful exploitation could result in complete compromise of the affected system's security (NVD).

Mitigation and workarounds

Users are advised to update their Feishu/Lark installation to a version newer than 3.41.3. The vendor has addressed this vulnerability in subsequent releases (Feishu).