Plugins can be installed with minimal admin privileges
CVE-2021-29439

7.2HIGH

Key Information:

Vendor: Getgrav
Status: Grav-plugin-admin
Vendor: CVE Published:; 13 April 2021

What is CVE-2021-29439?

The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation blocking access to the /admin path from untrusted sources will reduce the probability of exploitation.

Affected Version(s)

grav-plugin-admin < 1.10.11

References

https://github.com/getgrav/grav-plugin-admin/security/adv...

x_refsource_CONFIRM

https://blog.sonarsource.com/grav-cms-code-execution-vuln...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 13, 2021
Vulnerability Reserved
Mar 30, 2021

JSON

Getgrav

What is CVE-2021-29439?

Affected Version(s)

References

CVSS V3.1

Timeline