CVE-2021-39173

Name of the Vulnerable Software and Affected Versions Cachet versions prior to 2.5.1

Description Cachet is an open source status page system. Authenticated users, regardless of their privileges, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed by improving the middleware ReadyForUse, which now performs a stricter validation of the instance name. As a workaround, only allow trusted source IP addresses to access the administration dashboard.

Recommendations For versions prior to 2.5.1, update to version 2.5.1 to resolve the issue. As a temporary workaround, consider restricting access to the administration dashboard by only allowing trusted source IP addresses.