9.9

CVE-2024-34082

Exploit

EPSS 3.07%
Veröffentlicht 15.05.2024 17:15:12
Zuletzt bearbeitet 02.01.2025 23:06:29
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Grav Arbitrary File Read to Account Takeover

Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Getgrav ≫ Grav Version < 1.7.46

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.07%	0.859

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com	8.5	3.1	4.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/getgrav/grav/commit/b6bba9eb99bf8cb55b8fa8d23f18873ca594e348

Patch

https://github.com/getgrav/grav/security/advisories/GHSA-f8v5-jmfh-pr69

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-34082

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-34082

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-34082

EUVD