cnvd - cnvd-2021-50144

cnvd-2021-50144

Vulnerability from cnvd

Title: WordPress BuddyPress权限提升漏洞

Description:

WordPress是WordPress（Wordpress）基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。

BuddyPress 在 5.0.0和7.2.1 之前存在安全漏洞，攻击者可利用该漏洞将非特权的普通用户利用REST API成员端点中的问题获得管理员权限。

Severity: 高

Patch Name: WordPress BuddyPress权限提升漏洞的补丁

Patch Description:

WordPress是WordPress（Wordpress）基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。

BuddyPress 在 5.0.0和7.2.1 之前存在安全漏洞，攻击者可利用该漏洞将非特权的普通用户利用REST API成员端点中的问题获得管理员权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://buddypress.org/2021/03/buddypress-7-2-1-security-release/

Reference: https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3

Impacted products

Name
WordPress BuddyPress >=5.0.0，<7.2.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21389",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21389"
    }
  },
  "description": "WordPress\u662fWordPress\uff08Wordpress\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002\n\nBuddyPress \u5728 5.0.0\u548c7.2.1 \u4e4b\u524d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u975e\u7279\u6743\u7684\u666e\u901a\u7528\u6237\u5229\u7528REST API\u6210\u5458\u7aef\u70b9\u4e2d\u7684\u95ee\u9898\u83b7\u5f97\u7ba1\u7406\u5458\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://buddypress.org/2021/03/buddypress-7-2-1-security-release/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-50144",
  "openTime": "2021-07-12",
  "patchDescription": "WordPress\u662fWordPress\uff08Wordpress\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002\r\n\r\nBuddyPress \u5728 5.0.0\u548c7.2.1 \u4e4b\u524d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u975e\u7279\u6743\u7684\u666e\u901a\u7528\u6237\u5229\u7528REST API\u6210\u5458\u7aef\u70b9\u4e2d\u7684\u95ee\u9898\u83b7\u5f97\u7ba1\u7406\u5458\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress BuddyPress\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress BuddyPress \u003e=5.0.0\uff0c\u003c7.2.1"
  },
  "referenceLink": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3",
  "serverity": "\u9ad8",
  "submitTime": "2021-04-30",
  "title": "WordPress BuddyPress\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2021-21389 (GCVE-0-2021-21389)

Vulnerability from cvelistv5

Published

2021-03-26 20:15

Modified

2024-08-03 18:09

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-863 - Incorrect Authorization

Summary

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

References

▼	URL	Tags
	https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3	x_refsource_CONFIRM
	https://buddypress.org/2021/03/buddypress-7-2-1-security-release/	x_refsource_MISC
	https://codex.buddypress.org/releases/version-7-2-1/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	buddypress	BuddyPress	Version: >= 5.0.0, < 7.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:09:15.798Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://codex.buddypress.org/releases/version-7-2-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BuddyPress",
          "vendor": "buddypress",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 7.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it\u0027s possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization ",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-26T20:15:14",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://codex.buddypress.org/releases/version-7-2-1/"
        }
      ],
      "source": {
        "advisory": "GHSA-m6j4-8r7p-wpp3",
        "discovery": "UNKNOWN"
      },
      "title": "BuddyPress privilege escalation via REST API",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-21389",
          "STATE": "PUBLIC",
          "TITLE": "BuddyPress privilege escalation via REST API"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BuddyPress",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 5.0.0, \u003c 7.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "buddypress"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it\u0027s possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863: Incorrect Authorization "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3",
              "refsource": "CONFIRM",
              "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"
            },
            {
              "name": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/",
              "refsource": "MISC",
              "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"
            },
            {
              "name": "https://codex.buddypress.org/releases/version-7-2-1/",
              "refsource": "MISC",
              "url": "https://codex.buddypress.org/releases/version-7-2-1/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-m6j4-8r7p-wpp3",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-21389",
    "datePublished": "2021-03-26T20:15:14",
    "dateReserved": "2020-12-22T00:00:00",
    "dateUpdated": "2024-08-03T18:09:15.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted