CVE-2024-27921

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99	Patch
https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc	Exploit Vendor Advisory
https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99	Patch
https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*

History

02 Jan 2025, 22:57

Type	Values Removed	Values Added
First Time		Getgrav Getgrav grav
CPE		cpe:2.3:a:getgrav:grav::::::::
References	~~() https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99 -~~	() https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99 - Patch
References	~~() https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc -~~	() https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc - Exploit, Vendor Advisory

Information

Published : 2024-03-21 22:15

Updated : 2025-01-02 22:57

NVD link : CVE-2024-27921

Mitre link : CVE-2024-27921

CVE.ORG link : CVE-2024-27921

JSON object : View

Products Affected

getgrav

grav

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-27921", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-03-21T22:15:11.137", "references": [{"url": "https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue."}, {"lang": "es", "value": "Grav es un sistema de gesti\u00f3n de contenidos de archivos planos de c\u00f3digo abierto. Se identific\u00f3 una vulnerabilidad de path traversal de carga de archivos en la aplicaci\u00f3n anterior a la versi\u00f3n 1.7.45, lo que permite a los atacantes reemplazar o crear archivos con extensiones como .json, .zip, .css, .gif, etc. Esta falla de seguridad cr\u00edtica plantea riesgos graves , que puede permitir a los atacantes inyectar c\u00f3digo arbitrario en el servidor, socavar la integridad de los archivos de respaldo sobrescribiendo archivos existentes o creando otros nuevos, y exfiltrar datos confidenciales utilizando t\u00e9cnicas de exfiltraci\u00f3n CSS. Actualizar a la versi\u00f3n parcheada 1.7.45 puede mitigar el problema."}], "lastModified": "2025-01-02T22:57:17.910", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9B96288-8090-4AF9-91EF-CBFCEB60039C", "versionEndExcluding": "1.7.45"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}