CVE-2021-32752

Опубликовано: 09 июл. 2021

Источник: nvd

CVSS3: 7.2

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.

Ссылки

https://github.com/ethercreative/logs/releases/tag/3.0.4
Release Notes
Third Party Advisory
https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m
Third Party Advisory
https://github.com/ethercreative/logs/releases/tag/3.0.4
Release Notes
Third Party Advisory
https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ethercreative:logs:*:*:*:*:*:*:*:*

Версия до 3.0.4 (исключая)

EPSS

Процентиль: 73%

0.00773

Низкий

7.2 High

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-552

Связанные уязвимости

GHSA-fp63-499m-hq6m

CVSS3: 7.2

github

больше 4 лет назад

Files or Directories Accessible to External Parties in ether/logs

EPSS

Процентиль: 73%

0.00773

Низкий

7.2 High

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-552