NVD Vulnerability Detail

CVE-2021-21425

Summary	Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
Publication Date	April 8, 2021, 4:15 a.m.
Registration Date	April 8, 2021, 10:02 a.m.
Last Update	Nov. 21, 2024, 2:48 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:getgrav:grav-plugin-admin::::::::					1.10.8

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/162283/GravCMS-1.10.7-Remote-Command-Execution.html	Third Party Advisory VDB Entry
2	http://packetstormsecurity.com/files/162283/GravCMS-1.10.7-Remote-Command-Execution.html	Third Party Advisory VDB Entry
3	http://packetstormsecurity.com/files/162457/GravCMS-1.10.7-Remote-Command-Execution.html	Third Party Advisory VDB Entry
4	http://packetstormsecurity.com/files/162457/GravCMS-1.10.7-Remote-Command-Execution.html	Third Party Advisory VDB Entry
5	https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-6f53-6qgv-39pj	Third Party Advisory
6	https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-6f53-6qgv-39pj	Third Party Advisory
7	https://pentest.blog/unexpected-journey-7-gravcms-unauthenticated-arbitrary-yaml-write-update-leads-to-code-execution/	Exploit Third Party Advisory
8	https://pentest.blog/unexpected-journey-7-gravcms-unauthenticated-arbitrary-yaml-write-update-leads-to-code-execution/	Exploit Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

Grav Admin Plugin における認証の欠如に関する脆弱性

Title	Grav Admin Plugin における認証の欠如に関する脆弱性
Summary	Grav Admin Plugin には、認証の欠如に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 7, 2021, midnight
Registration Date	Dec. 15, 2021, 5:55 p.m.
Last Update	Dec. 15, 2021, 5:55 p.m.

Affected System

Grav CMS

Grav Admin Plugin 1.10.7 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-21425	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21425
National Vulnerability Database (NVD)
2	CVE-2021-21425	https://nvd.nist.gov/vuln/detail/CVE-2021-21425

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-862	https://cwe.mitre.org/data/definitions/862.html

ベンダー情報

No	Name	URL
GitHub
1	Unauthenticated Arbitrary YAML Write/Update leads to Code Execution	https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-6f53-6qgv-39pj

その他

No	Name	URL
関連文書
1	GravCMS 1.10.7 Remote Command Execution	http://packetstormsecurity.com/files/162283/GravCMS-1.10.7-Remote-Command-Execution.html

Change Log

No	Changed Details	Date of change
1	[2021年12月15日] 掲載	Dec. 15, 2021, 5:55 p.m.