gsd - gsd-2023-34370

gsd-2023-34370

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.

Aliases

CVE-2023-34370

Aliases

CVE-2023-34370

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-34370",
    "id": "GSD-2023-34370"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-34370"
      ],
      "details": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.\n\n",
      "id": "GSD-2023-34370",
      "modified": "2023-12-13T01:20:31.046075Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "audit@patchstack.com",
        "ID": "CVE-2023-34370",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "changes": [
                                  {
                                    "at": "3.2.5",
                                    "status": "unaffected"
                                  }
                                ],
                                "lessThanOrEqual": "3.2.4",
                                "status": "affected",
                                "version": "n/a",
                                "versionType": "custom"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Premium Starter Templates",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "changes": [
                                  {
                                    "at": "3.2.5",
                                    "status": "unaffected"
                                  }
                                ],
                                "lessThanOrEqual": "3.2.4",
                                "status": "affected",
                                "version": "n/a",
                                "versionType": "custom"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Brainstorm Force"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-918",
                "lang": "eng",
                "value": "CWE-918 Server-Side Request Forgery (SSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u0026nbsp;3.2.5 or a higher versions."
            }
          ],
          "value": "Update to\u00a03.2.5 or a higher versions."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.\n\n"
          }
        ],
        "id": "CVE-2023-34370",
        "lastModified": "2024-03-28T12:42:56.150",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 4.7,
              "source": "audit@patchstack.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-03-28T06:15:07.717",
        "references": [
          {
            "source": "audit@patchstack.com",
            "url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          }
        ],
        "sourceIdentifier": "audit@patchstack.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-918"
              }
            ],
            "source": "audit@patchstack.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

cve-2023-34370

Vulnerability from cvelistv5

Published

2024-03-28 06:07

Modified

2024-08-02 16:10

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Summary

References

▼	URL	Tags
	https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve	vdb-entry
	https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve	vdb-entry

Impacted products

Vendor

Product

Version

▼

Brainstorm Force

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Version: n/a <

Brainstorm Force

Premium Starter Templates

Version: n/a <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-34370",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T15:47:26.011519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T21:07:39.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:10:06.781Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "astra-sites",
          "product": "Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates",
          "vendor": "Brainstorm Force",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.2.5",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.2.4",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Premium Starter Templates",
          "vendor": "Brainstorm Force",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.2.5",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.2.4",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress \u0026amp; Beaver Builder Templates, Brainstorm Force Premium Starter Templates.\u003cp\u003eThis issue affects Starter Templates \u2014 Elementor, WordPress \u0026amp; Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.\u003c/p\u003e"
            }
          ],
          "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-28T06:07:31.872Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u0026nbsp;3.2.5 or a higher versions."
            }
          ],
          "value": "Update to\u00a03.2.5 or a higher versions."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-34370",
    "datePublished": "2024-03-28T06:07:31.872Z",
    "dateReserved": "2023-06-02T15:45:18.619Z",
    "dateUpdated": "2024-08-02T16:10:06.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted