CVE-2019-20043 (GCVE-0-2019-20043)
Vulnerability from cvelistv5
Published
2019-12-27 07:14
Modified
2024-08-05 02:32
Severity ?
CWE
  • n/a
Summary
In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.
References
cve@mitre.org https://core.trac.wordpress.org/changeset/46893/trunk Patch
cve@mitre.org https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9 Third Party Advisory
cve@mitre.org https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw Third Party Advisory
cve@mitre.org https://seclists.org/bugtraq/2020/Jan/8 Mailing List, Third Party Advisory
cve@mitre.org https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ Release Notes, Vendor Advisory
cve@mitre.org https://wpvulndb.com/vulnerabilities/9973 Release Notes, Third Party Advisory
cve@mitre.org https://www.debian.org/security/2020/dsa-4599 Third Party Advisory
cve@mitre.org https://www.debian.org/security/2020/dsa-4677 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://core.trac.wordpress.org/changeset/46893/trunk Patch
af854a3a-2127-422b-91ae-364da2661108 https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2020/Jan/8 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://wpvulndb.com/vulnerabilities/9973 Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4599 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4677 Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:32:10.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9973"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://core.trac.wordpress.org/changeset/46893/trunk"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9"
          },
          {
            "name": "20200108 [SECURITY] [DSA 4599-1] wordpress security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/8"
          },
          {
            "name": "DSA-4599",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4599"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw"
          },
          {
            "name": "DSA-4677",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4677"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-06T12:06:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9973"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://core.trac.wordpress.org/changeset/46893/trunk"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9"
        },
        {
          "name": "20200108 [SECURITY] [DSA 4599-1] wordpress security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/8"
        },
        {
          "name": "DSA-4599",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4599"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw"
        },
        {
          "name": "DSA-4677",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4677"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpvulndb.com/vulnerabilities/9973",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9973"
            },
            {
              "name": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/",
              "refsource": "MISC",
              "url": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/"
            },
            {
              "name": "https://core.trac.wordpress.org/changeset/46893/trunk",
              "refsource": "MISC",
              "url": "https://core.trac.wordpress.org/changeset/46893/trunk"
            },
            {
              "name": "https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9",
              "refsource": "MISC",
              "url": "https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9"
            },
            {
              "name": "20200108 [SECURITY] [DSA 4599-1] wordpress security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/8"
            },
            {
              "name": "DSA-4599",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4599"
            },
            {
              "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw",
              "refsource": "CONFIRM",
              "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw"
            },
            {
              "name": "DSA-4677",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4677"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20043",
    "datePublished": "2019-12-27T07:14:16",
    "dateReserved": "2019-12-27T00:00:00",
    "dateUpdated": "2024-08-05T02:32:10.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-20043\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-27T08:15:09.807\",\"lastModified\":\"2024-11-21T04:37:56.830\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.\"},{\"lang\":\"es\",\"value\":\"En wp-includes / rest-api / endpoints / class-wp-rest-posts-controller.php en WordPress  3.7 a 5.3.0, los usuarios autenticados que no tienen los derechos para publicar una publicaci\u00f3n pueden marcar publicaciones como fijas o antiadherente a trav\u00e9s de la API REST. Por ejemplo, el rol de contribuyente no tiene tales derechos, pero esto les permiti\u00f3 evitarlo. Esto se ha solucionado  en WordPress 5.3.1, junto con todas las versiones anteriores de WordPress desde 3.7 hasta la versi\u00f3n  5.3 a trav\u00e9s de una versi\u00f3n menor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.7\",\"versionEndExcluding\":\"5.3.1\",\"matchCriteriaId\":\"37547135-B954-4D1B-81E1-5F189A0993DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://core.trac.wordpress.org/changeset/46893/trunk\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://wpvulndb.com/vulnerabilities/9973\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4599\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4677\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://core.trac.wordpress.org/changeset/46893/trunk\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://wpvulndb.com/vulnerabilities/9973\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4599\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4677\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.