CVE-2021-39196
HIGHpcapture < 3.12 - Authenticated Unauthorized Packet Capture via REST API
Title source: llmDescription
pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround, you must upgrade to v3.12 or greater.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/jdhwpgmbca/pcapture/security/advisories/GHSA-3r67-fxpr-p2qx
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/jdhwpgmbca/pcapture/issues/7
Patch, Third Party Advisory x_refsource_misc
https://github.com/jdhwpgmbca/pcapture/commit/0f74f431e0970a2e5784dbd955cfa4760e3b1ef7
Scores
CVSS v3
7.7
EPSS
0.0121
EPSS Percentile
64.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-754
CWE-287
Status
published
Products (1)
pcapture_project/pcapture
< 3.12
Published
Sep 07, 2021
Tracked Since
Feb 18, 2026