1.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.6%
Users registering via the user:register_form
tag will have their password confirmation stored in plain text in their user file.
This only affects sites matching all of the following conditions:
user:register_form
tag.The password is only visible to users that have access to read user yaml files, typically developers of the application itself.
The issue has been patched in 5.6.2, however any users registered during that time period and using the affected version range will still have the the password_confirmation
value in their yaml files.
We recommend that affected users have their password reset. The following query can be entered into php artisan tinker
and will output a list of affected emails:
Statamic\Facades\User::query()->whereNotNull('password_confirmation')->get()->map->email
The following can be entered into tinker
and will clear both password_confirmation as well as their existing password. They will be required to reset their password before their next login attempt.
Statamic\Facades\User::query()
->whereNotNull('password_confirmation')->get()
->each(fn ($user) => $user->remove('password_confirmation')->passwordHash(null)->save());
If you are committing user files to a public git repo, you may consider clearing the sensitive data from the git history. You can use the following links for details.
CPE | Name | Operator | Version |
---|---|---|---|
statamic/cms | lt | 5.6.2 |
dev.to/balogh08/cleaning-your-git-history-safely-removing-sensitive-data-10i5
docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository
github.com/advisories/GHSA-qvpj-w7xj-r6w9
github.com/statamic/cms/commit/0b804306c96c99b81755d5bd02df87ddf392853e
github.com/statamic/cms/security/advisories/GHSA-qvpj-w7xj-r6w9
nvd.nist.gov/vuln/detail/CVE-2024-36119
1.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.6%