CVE-2022-0633 - OpenCVE

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Updraftplus	Updraftplus

Configuration 1 [-]

OR	cpe:2.3:a:updraftplus:updraftplus:::::free:wordpress::
	cpe:2.3:a:updraftplus:updraftplus:::::premium:wordpress::

References

Link	Resource
http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html	Exploit Third Party Advisory VDB Entry
https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/	Exploit Third Party Advisory
https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/	Release Notes Vendor Advisory
https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-02-17T18:45:11

Updated: 2022-02-18T18:06:20

Reserved: 2022-02-16T00:00:00

Link: CVE-2022-0633

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-17T19:15:08.030

Modified: 2022-02-18T21:19:33.647

Link: CVE-2022-0633

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"containers": {"cna": {"affected": [{"product": "UpdraftPlus WordPress Backup Plugin (Free)", "vendor": "UpdraftPlus", "versions": [{"lessThan": "1.22.3", "status": "affected", "version": "1.22.3", "versionType": "custom"}]}, {"product": "UpdraftPlus WordPress Backup Plugin (Premium)", "vendor": "UpdraftPlus", "versions": [{"lessThan": "2.22.3", "status": "affected", "version": "2.22.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Marc Montpas"}], "descriptions": [{"lang": "en", "value": "The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-18T18:06:20", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/"}, {"tags": ["x_refsource_MISC"], "url": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html"}], "source": {"discovery": "EXTERNAL"}, "title": "UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-0633", "STATE": "PUBLIC", "TITLE": "UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UpdraftPlus WordPress Backup Plugin (Free)", "version": {"version_data": [{"version_affected": "<", "version_name": "1.22.3", "version_value": "1.22.3"}]}}, {"product_name": "UpdraftPlus WordPress Backup Plugin (Premium)", "version": {"version_data": [{"version_affected": "<", "version_name": "2.22.3", "version_value": "2.22.3"}]}}]}, "vendor_name": "UpdraftPlus"}]}}, "credit": [{"lang": "eng", "value": "Marc Montpas"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863 Incorrect Authorization"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3"}, {"name": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/", "refsource": "CONFIRM", "url": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/"}, {"name": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/", "refsource": "MISC", "url": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/"}, {"name": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-0633", "datePublished": "2022-02-17T18:45:11", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2022-02-18T18:06:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "24F5FC85-3B30-47E3-B4F1-45EA6B0CE29A", "versionEndExcluding": "1.22.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:premium:wordpress:*:*", "matchCriteriaId": "03044625-4866-42F4-8240-C7F7945339FF", "versionEndExcluding": "2.22.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup."}, {"lang": "es", "value": "El plugin UpdraftPlus Free de WordPress versiones anteriores a 1.22.3 y Premium versiones anteriores a 2.22.3, no comprueba apropiadamente que un usuario tenga los privilegios necesarios para acceder al identificador nonce de una copia de seguridad, lo que puede permitir a cualquier usuario con una cuenta en el sitio (como suscriptor) descargar la copia de seguridad m\u00e1s reciente del sitio y de la base de datos"}], "id": "CVE-2022-0633", "lastModified": "2022-02-18T21:19:33.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-17T19:15:08.030", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/"}, {"source": "contact@wpscan.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/"}, {"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "contact@wpscan.com", "type": "Secondary"}]}