5.3

CVE-2021-39200

EPSS 1.77%
Veröffentlicht 09.09.2021 22:15:09
Zuletzt bearbeitet 21.11.2024 06:18:52
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wordpress ≫ Wordpress Version >= 5.2 < 5.8.1

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.77%	0.82

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
security-advisories@github.com	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5

Third Party Advisory

https://hackerone.com/reports/1142140

Permissions Required

https://www.debian.org/security/2021/dsa-4985

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-39200

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-39200

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-39200

EUVD