The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation blocking access to the `/admin` path from untrusted sources will reduce the probability of exploitation.
References
Configurations
History
06 Nov 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation blocking access to the `/admin` path from untrusted sources will reduce the probability of exploitation. |
Information
Published : 2021-04-13 20:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-29439
Mitre link : CVE-2021-29439
CVE.ORG link : CVE-2021-29439
JSON object : View
Products Affected
getgrav
- grav_admin
CWE
CWE-863
Incorrect Authorization