PT-2021-24069 · Portswigger+1 · Portswigger Burp Suite Enterprise Edition+1

Vijay Tikudave

Published

2021-11-30

Updated

2021-12-01

CVE-2021-44230

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: PortSwigger Burp Suite Enterprise Edition versions prior to 2021.11

Description: The issue is related to weak file permissions for the embedded H2 database in PortSwigger Burp Suite Enterprise Edition. This could lead to privilege escalation if an adversary has already compromised a valid Windows account on the server. The compromised account may have inherited read access to sensitive configuration, database, and log files.

Recommendations: For versions prior to 2021.11, update to version 2021.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded H2 database to minimize the risk of exploitation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2021-44230

Affected Products

Portswigger Burp Suite Enterprise Edition

Windows

PT-2021-24069 · Portswigger+1 · Portswigger Burp Suite Enterprise Edition+1

CVE-2021-44230

Weakness Enumeration

Related Identifiers

Affected Products

References · 4