CVE-2021-42948

NameCVE-2021-42948
DescriptionHotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
hoteldruid (PTS)jessie2.1.0-1vulnerable
stretch2.2.0-1vulnerable
buster2.3.2-1vulnerable
bullseye3.0.1-1vulnerable
bookworm3.0.4-1fixed
sid, trixie3.0.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
hoteldruidsourcejessie(unfixed)end-of-life
hoteldruidsource(unstable)3.0.4-1

Notes

[bullseye] - hoteldruid <no-dsa> (Minor issue)
[buster] - hoteldruid <no-dsa> (Minor issue)
[stretch] - hoteldruid <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems