CVE-2021-25020 - OpenCVE

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Daan	Complete Analytics Optimization Suite

Configuration 1 [-]

cpe:2.3:a:daan:complete_analytics_optimization_suite:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/67398332-b93e-46ae-8904-68419949a124	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-01-03T12:49:13

Updated: 2022-01-03T12:49:13

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-25020

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-03T13:15:08.957

Modified: 2024-01-18T14:44:33.163

Link: CVE-2021-25020

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "CAOS | Host Google Analytics Locally", "vendor": "Unknown", "versions": [{"lessThan": "4.1.9", "status": "affected", "version": "4.1.9", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Jos\u00e9 Aguilera"}], "descriptions": [{"lang": "en", "value": "The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-03T12:49:13", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/67398332-b93e-46ae-8904-68419949a124"}], "source": {"discovery": "EXTERNAL"}, "title": "CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-25020", "STATE": "PUBLIC", "TITLE": "CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CAOS | Host Google Analytics Locally", "version": {"version_data": [{"version_affected": "<", "version_name": "4.1.9", "version_value": "4.1.9"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Jos\u00e9 Aguilera"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/67398332-b93e-46ae-8904-68419949a124", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/67398332-b93e-46ae-8904-68419949a124"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-25020", "datePublished": "2022-01-03T12:49:13", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2022-01-03T12:49:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:daan:complete_analytics_optimization_suite:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0950655A-F550-4056-AF69-CA28ADBC57CE", "versionEndExcluding": "4.1.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin"}, {"lang": "es", "value": "El plugin CAOS | Host Google Analytics Locally de WordPress versiones anteriores a 4.1.9, no comprueba la configuraci\u00f3n del directorio de cach\u00e9, permitiendo a usuarios con privilegios elevados usar un vector de b\u00fasqueda de rutas y eliminar carpetas arbitrarias cuando es desinstalado el plugin"}], "id": "CVE-2021-25020", "lastModified": "2024-01-18T14:44:33.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-03T13:15:08.957", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/67398332-b93e-46ae-8904-68419949a124"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "contact@wpscan.com", "type": "Secondary"}]}