CVE-2021-27786 – HCL OneTest Server is vulnerable to Cross Origin Resource Sharing: Arbitrary Origin Trusted

https://notcve.org/view.php?id=CVE-2021-27786

Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. Una compartición de recursos entre orígenes (CORS) permite a navegadores llevar a cabo peticiones entre dominios de forma controlada. Esta petición presenta un encabezado Origin que identifica el dominio que realiza la petición inicial y define el protocolo entre un navegador y un servidor para ver si la petición está permitida. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098603 • CWE-697: Incorrect Comparison CWE-942: Permissive Cross-domain Policy with Untrusted Domains •