Description: Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and to create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without any credentials. Execution of a particular method results in arbitrary YAML file creation, or in a change to the content of existing YAML files on the system. Successful exploitation of this vulnerability results in configuration changes, such as changes to general site information or the definition of custom scheduler jobs. Because of the nature of the vulnerability, an adversary can change parts of the web page, hijack an administrator account, or execute operating system commands in the context of the web-server user. This vulnerability is fixed in version 1.10.8. As a workaround, block access to the `/admin` path from untrusted sources.
CVE-2021-21425
CVSS Score: 9.8 (CRITICAL)
EPSS Score: 82.40%
Risk Score: 7.11 (CRITICAL)
Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.
MITRE ATT&CK Techniques (v15.1)
T1153 – Source
T1583.004 – Acquire Infrastructure: Server
T1589.001 – Gather Victim Identity Information: Credentials
T1584.004 – Compromise Infrastructure: Server
T1053.002 – Scheduled Task/Job: At
Technical Analysis & Mitigation Measures
Reference Links
https://pentest.blog/unexpected-journey-7-gravcms-unauthenticated-arbitrary-yaml-write-update-leads-to-code-execution/
https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-6f53-6qgv-39pj
http://packetstormsecurity.com/files/162283/GravCMS-1.10.7-Remote-Command-Execution.html
http://packetstormsecurity.com/files/162457/GravCMS-1.10.7-Remote-Command-Execution.html
Vendor - Product - Version
Disclaimer
The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.