Security for everyone

CVE-2021-31856 Scanner

Detects the SQL Injection (SQLi) vulnerability in Layer5 Meshery that affects v0.5.2.

Short Info

Level: Critical
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url
Parent Category:

CVE-2021-31856 Scanner Detail

Layer5 Meshery is a service mesh management plane that is used to monitor, validate and manage the performance, behavior and configuration of service meshes like Istio, Linkerd, Consul and others. The goal of Meshery is to facilitate integrating and operating service meshes seamlessly and reliably. It's designed with Kubernetes in mind and automates several complex operations that operators, developers and architects face when using Kubernetes and Service Mesh together.

CVE-2021-31856 is a critical SQL injection vulnerability in Layer5 Meshery 0.5.2. The REST API's experimental/patternfiles endpoint accepts an order parameter that is handed to GetMesheryPatterns in the models/meshery_pattern_persister.go file, and a crafted value for that parameter lets an attacker inject arbitrary SQL commands through the endpoint. Because the injected SQL runs against Meshery's backend database, the result can be unauthorized access to, manipulation of, or deletion of data.

Exploitation of CVE-2021-31856 can result in data manipulation, data theft and denial of service, and attackers can use it to compromise critical systems and sensitive data. Because arbitrary SQL commands can be executed through Meshery's REST API, any data stored in the backend database, including configurations, logs and credentials, is exposed to unauthorized access, modification or exfiltration.
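The bug class described above (an untrusted sort parameter reaching SQL text) is easiest to see side by side with its fix. The Go example below is added for this page and is not Meshery's code; the table name, column names and query shape are assumptions made for the illustration, and the example assumes, as is typical for an "order" parameter, that the value is meant to become an ORDER BY clause, which cannot be parameterised with placeholders and therefore has to be allow-listed. It also includes a small log-review check over constructed query strings that flags order values containing characters no legitimate column or direction needs.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Allow-list of sortable columns. These names are assumptions for the
// illustration, not Meshery's real schema.
var allowedOrderColumns = map[string]bool{
	"name":       true,
	"created_at": true,
	"updated_at": true,
}

// buildUnsafePatternsQuery shows the vulnerable shape: the caller-supplied
// order value is pasted straight into the SQL text, so anything the client
// sends becomes part of the statement. Illustration only, not Meshery's code.
func buildUnsafePatternsQuery(order string) string {
	return fmt.Sprintf("SELECT id, name FROM meshery_patterns ORDER BY %s", order)
}

// parseOrder validates "<column> [asc|desc]" against the allow-list and
// returns an ORDER BY fragment rebuilt only from tokens the server trusts.
func parseOrder(order string) (string, error) {
	fields := strings.Fields(strings.TrimSpace(order))
	if len(fields) == 0 || len(fields) > 2 {
		return "", errors.New("order must be '<column> [asc|desc]'")
	}
	col := strings.ToLower(fields[0])
	if !allowedOrderColumns[col] {
		return "", fmt.Errorf("order column %q is not permitted", col)
	}
	dir := "asc"
	if len(fields) == 2 {
		switch strings.ToLower(fields[1]) {
		case "asc", "desc":
			dir = strings.ToLower(fields[1])
		default:
			return "", fmt.Errorf("order direction %q is not permitted", fields[1])
		}
	}
	return col + " " + dir, nil
}

// buildSafePatternsQuery is the hardened counterpart: the client's string
// never reaches the SQL text, only the canonical fragment from parseOrder does.
func buildSafePatternsQuery(order string) (string, error) {
	frag, err := parseOrder(order)
	if err != nil {
		return "", err
	}
	return "SELECT id, name FROM meshery_patterns ORDER BY " + frag, nil
}

// A legitimate order value is one identifier optionally followed by one word.
var safeOrderSyntax = regexp.MustCompile(`^[A-Za-z0-9_]+( [A-Za-z]+)?$`)

// flagSuspiciousOrderParams is a simple log-review check: it parses each
// request query string and reports those whose order parameter contains
// punctuation or extra tokens that no column/direction pair needs.
func flagSuspiciousOrderParams(queryStrings []string) []string {
	var flagged []string
	for _, qs := range queryStrings {
		vals, err := url.ParseQuery(qs)
		if err != nil {
			flagged = append(flagged, qs) // unparseable query strings deserve a look too
			continue
		}
		order := vals.Get("order")
		if order != "" && !safeOrderSyntax.MatchString(order) {
			flagged = append(flagged, qs)
		}
	}
	return flagged
}

// Constructed sample query strings (not real traffic); the third decodes to
// order = "name; SELECT 1 --".
var constructedRequests = []string{
	"page=0&order=name",
	"page=0&order=updated_at+desc",
	"page=0&order=name%3B+SELECT+1+--",
}

func main() {
	fmt.Println(buildUnsafePatternsQuery("name; SELECT 1 --"))
	fmt.Println(buildSafePatternsQuery("name; SELECT 1 --"))
	fmt.Println(buildSafePatternsQuery("updated_at desc"))
	fmt.Println(flagSuspiciousOrderParams(constructedRequests))
}
```

The allow-list approach is the usual fix for sort and column-name parameters because database placeholders only bind values, not identifiers; the request value selects an entry from a server-side table and the SQL is assembled from that table alone.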

Securityforeveryone.com is a powerful analytical platform for discovering and analyzing security vulnerabilities in digital assets. Thanks to its premium features, such as vulnerability management and threat intelligence, readers of this article can easily and quickly learn about vulnerabilities in their digital assets and take necessary precautions to avoid exploitation. The Platform is designed to provide complete visibility, allowing for comprehensive risk management of the assets and applications. Security is not a one-time event, but a continuous process that requires vigilance and a proactive approach.
