Security for everyone

CVE-2021-40875 Scanner

Detects the 'Improper Access Control' vulnerability in Gurock TestRail, which affects versions < 7.2.0.3014.


Short Info

Level: High
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: URL

Parent Category

CVE-2021-40875 Scanner Detail

Gurock TestRail is a popular software application used by software development teams and quality assurance departments to manage and organize their testing efforts. The product offers comprehensive test case management, test planning, and reporting capabilities that help organizations streamline their testing efforts. Among its key features is the ability to manage test cases across projects and test suites, which greatly simplifies the task of tracking testing progress and results.

A vulnerability tracked as CVE-2021-40875 was recently detected in Gurock TestRail versions below 7.2.0.3014. It results from improper access control that exposes sensitive information. By gaining access to the /files.md5 file on the client side of the application, an attacker can obtain a list of all the application files along with their file paths. This could lead to the exposure of hardcoded credentials, API keys, or other sensitive information.
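For asset owners who want to check whether the file has already been requested on their own server, the following added example (not part of the scanner or of TestRail) searches web server access logs for requests to files.md5 and separates those that were served from those that were not. It assumes logs in the Apache/nginx "combined" format; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample lines in "combined" log format (assumption; not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2021:08:14:02 +0000] "GET /files.md5 HTTP/1.1" 200 48211 "-" "curl/7.79.1"
203.0.113.7 - - [12/Oct/2021:08:14:05 +0000] "GET /testrail/files%2Emd5?x=1 HTTP/1.1" 200 48211 "-" "curl/7.79.1"
198.51.100.20 - - [12/Oct/2021:09:01:44 +0000] "GET /index.php?/auth/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.33 - - [13/Oct/2021:11:30:10 +0000] "HEAD /FILES.MD5 HTTP/1.1" 403 0 "-" "python-requests/2.26"
192.0.2.50 - - [13/Oct/2021:12:00:00 +0000] "GET /docs/files.md5.txt HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def targets_files_md5(target: str) -> bool:
    """True if the decoded request path ends in the file name files.md5.

    Drops the query string, decodes percent-escapes, ignores case and any
    install prefix such as /testrail/ (the prefix is an assumed example).
    """
    path = unquote(urlsplit(target).path)
    return path.rsplit("/", 1)[-1].lower() == "files.md5"

def find_files_md5_requests(log_text: str) -> dict:
    """Group matching requests by client IP: 'served' (2xx) or 'not_served'."""
    hits = defaultdict(lambda: {"served": [], "not_served": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not targets_files_md5(m["target"]):
            continue
        # A 2xx status means the file listing was returned to the client.
        bucket = "served" if m["status"].startswith("2") else "not_served"
        hits[m["ip"]][bucket].append((m["ts"], m["target"], int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for ip, r in find_files_md5_requests(SAMPLE_LOG).items():
        print(ip, "served:", len(r["served"]), "not served:", len(r["not_served"]))
```

Any entry under "served" means the file list left the server, so the files it names should be reviewed for embedded credentials or keys.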

The exploitation of this vulnerability can lead to some serious consequences for organizations, primarily in terms of the exposure of sensitive information. In the wrong hands, this information can be used to launch attacks on the organization or to expose other digital assets. Without adequate protection, such exploitation may result in the loss of reputation and customers, among other things.

Thanks to the pro features of the securityforeveryone.com platform, those who read this article can easily and quickly learn about vulnerabilities in their own digital assets. By leveraging the power of comprehensive vulnerability reports and in-depth analyses, securityforeveryone.com provides organizations with a platform to proactively identify and address vulnerabilities before they are exploited by potential attackers. This can help organizations save money, time, and most importantly, reputation. With a proactive approach to security, organizations can better protect their digital assets and maintain the trust of their customers and stakeholders.
