CVE-2021-21389 - OpenCVE

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Buddypress	Buddypress

Configuration 1 [-]

cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://buddypress.org/2021/03/buddypress-7-2-1-security-release/	Release Notes Vendor Advisory
https://codex.buddypress.org/releases/version-7-2-1/	Release Notes Vendor Advisory
https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-03-26T20:15:14

Updated: 2021-03-26T20:15:14

Reserved: 2020-12-22T00:00:00

Link: CVE-2021-21389

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-26T21:15:13.520

Modified: 2021-04-01T15:45:05.237

Link: CVE-2021-21389

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"containers": {"cna": {"affected": [{"product": "BuddyPress", "vendor": "buddypress", "versions": [{"status": "affected", "version": ">= 5.0.0, < 7.2.1"}]}], "descriptions": [{"lang": "en", "value": "BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization ", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-26T20:15:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"}, {"tags": ["x_refsource_MISC"], "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"}, {"tags": ["x_refsource_MISC"], "url": "https://codex.buddypress.org/releases/version-7-2-1/"}], "source": {"advisory": "GHSA-m6j4-8r7p-wpp3", "discovery": "UNKNOWN"}, "title": "BuddyPress privilege escalation via REST API", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21389", "STATE": "PUBLIC", "TITLE": "BuddyPress privilege escalation via REST API"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BuddyPress", "version": {"version_data": [{"version_value": ">= 5.0.0, < 7.2.1"}]}}]}, "vendor_name": "buddypress"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863: Incorrect Authorization "}]}]}, "references": {"reference_data": [{"name": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3", "refsource": "CONFIRM", "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"}, {"name": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/", "refsource": "MISC", "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"}, {"name": "https://codex.buddypress.org/releases/version-7-2-1/", "refsource": "MISC", "url": "https://codex.buddypress.org/releases/version-7-2-1/"}]}, "source": {"advisory": "GHSA-m6j4-8r7p-wpp3", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21389", "datePublished": "2021-03-26T20:15:14", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2021-03-26T20:15:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "22E0A24D-C677-49B3-AD8D-4D5F342F1CBF", "versionEndExcluding": "7.2.1", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue."}, {"lang": "es", "value": "BuddyPress es un plugin de WordPress de c\u00f3digo abierto para crear un sitio comunitario. En versiones de BuddyPress de 5.0.0 versiones anteriores a 7.2.1, es posible para un usuario regular sin privilegios obtener derechos de administrador al explotar un problema en el endpoint de los miembros de la API REST. La vulnerabilidad ha sido corregida en BuddyPress versi\u00f3n 7.2.1. Las instalaciones existentes del plugin deben actualizarse a esta versi\u00f3n para mitigar el problema."}], "id": "CVE-2021-21389", "lastModified": "2021-04-01T15:45:05.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-03-26T21:15:13.520", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://codex.buddypress.org/releases/version-7-2-1/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}