Описание
Files or Directories Accessible to External Parties in ether/logs
Impact
A vulnerability was found that allowed authenticated admin users to access any file on the server.
Patches
The vulnerability has been fixed in 3.0.4.
Workarounds
We recommend disabling the plugin if untrustworthy sources have admin access.
For more information
If you have any questions or comments about this advisory:
- Open an issue in ether/logs
Пакеты
Наименование
ether/logs
composer
Затронутые версииВерсия исправления
< 3.0.4
3.0.4
Связанные уязвимости
CVSS3: 7.2
nvd
больше 4 лет назад
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.