Lucene search

GitHub Advisory DatabaseGHSA-R6FX-55X3-F9X6

HistoryMay 17, 2022 - 12:00 a.m.

Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources

2022-05-1700:00:34

CWE-913

GitHub Advisory Database

github.com

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

42.9%

JSON

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.

Affected configurations

Vulners

Node

org.craftercms\crafterMatchstudio

CPENameOperatorVersion
org.craftercms:crafter-studiolt3.1.18

CPE	Name	Operator	Version
	org.craftercms:crafter-studio	lt	3.1.18

References

docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051603

github.com/advisories/GHSA-r6fx-55x3-f9x6

nvd.nist.gov/vuln/detail/CVE-2021-23267

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

42.9%

JSON

Related for GHSA-R6FX-55X3-F9X6