CVE-2021-29439

The Grav admin plugin prior to version 1.10.11 does not correctly verify the caller's privileges. As a consequence, users holding only the `admin.login` permission can install third-party plugins and their dependencies. By installing a suitable plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation, blocking access to the `/admin` path from untrusted sources reduces the likelihood of exploitation.
Configurations

Configuration 1

cpe:2.3:a:getgrav:grav_admin:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:01

Type | Values Removed | Values Added
References | https://github.com/getgrav/grav-plugin-admin/commit/a220359877fd1281f76ba732e5308e0e3002e4b1 (no tag) | https://github.com/getgrav/grav-plugin-admin/commit/a220359877fd1281f76ba732e5308e0e3002e4b1 (no tag)
References | https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-wg37-cf5x-55hq (Third Party Advisory) | https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-wg37-cf5x-55hq (Third Party Advisory)

06 Nov 2023, 22:15

Type | Values Removed | Values Added
References
  • https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities (Exploit, Third Party Advisory; refsource: MISC)
  • (MISC) https://github.com/getgrav/grav-plugin-admin/commit/a220359877fd1281f76ba732e5308e0e3002e4b1 (no tag)
Summary | The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation blocking access to the `/admin` path from untrusted sources will reduce the probability of exploitation. | (same text as the removed value)

Information

Published : 2021-04-13 20:15

Updated : 2024-11-21 06:01


NVD link : CVE-2021-29439

Mitre link : CVE-2021-29439

CVE.ORG link : CVE-2021-29439

Products Affected

getgrav

  • grav_admin
CWE

CWE-863: Incorrect Authorization