CVE-2021-23259 - OpenCVE

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Craftercms	Crafter Cms

Configuration 1 [-]

cpe:2.3:a:craftercms:crafter_cms:*:*:*:*:*:*:*:*

References

Link	Resource
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: crafter

Published: 2021-12-01T00:00:00

Updated: 2021-12-02T15:40:55

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23259

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-02T16:15:07.513

Modified: 2021-12-03T14:28:55.337

Link: CVE-2021-23259

JSON object: View

Redhat Information

No data.

CWE

CWE-913

{"containers": {"cna": {"affected": [{"product": "Crafter CMS", "vendor": "Crafter Software", "versions": [{"lessThan": "3.1.12", "status": "affected", "version": "3.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Kai Zhao (ToTU Security Team)"}], "datePublic": "2021-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-913", "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-02T15:40:55", "orgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd", "shortName": "crafter"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102"}], "source": {"discovery": "EXTERNAL"}, "title": "Groovy Sandbox Bypass", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@craftersoftware.com", "DATE_PUBLIC": "2021-12-01T15:40:00.000Z", "ID": "CVE-2021-23259", "STATE": "PUBLIC", "TITLE": "Groovy Sandbox Bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Crafter CMS", "version": {"version_data": [{"version_affected": "<", "version_name": "3.1", "version_value": "3.1.12"}]}}]}, "vendor_name": "Crafter Software"}]}}, "credit": [{"lang": "eng", "value": "Kai Zhao (ToTU Security Team)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE)."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"}]}]}, "references": {"reference_data": [{"name": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102", "refsource": "MISC", "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd", "assignerShortName": "crafter", "cveId": "CVE-2021-23259", "datePublished": "2021-12-01T00:00:00", "dateReserved": "2021-01-08T00:00:00", "dateUpdated": "2021-12-02T15:40:55", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:craftercms:crafter_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6B0250B-7A80-4E49-9502-808764EAFAA7", "versionEndExcluding": "3.1.12", "versionStartIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE)."}, {"lang": "es", "value": "Los usuarios autenticados con roles de Administrador o Desarrollador pueden ejecutar comandos del sistema operativo mediante el Script Groovy que usa Groovy lib para renderizar una p\u00e1gina web. El script groovy no presenta restricciones de seguridad, lo que causar\u00e1 que atacantes ejecuten comandos arbitrarios de forma remota (RCE)"}], "id": "CVE-2021-23259", "lastModified": "2021-12-03T14:28:55.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "security@craftersoftware.com", "type": "Secondary"}]}, "published": "2021-12-02T16:15:07.513", "references": [{"source": "security@craftersoftware.com", "tags": ["Vendor Advisory"], "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102"}], "sourceIdentifier": "security@craftersoftware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-913"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-913"}], "source": "security@craftersoftware.com", "type": "Secondary"}]}