CVE-2021-21425

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/07/2021 07:44:00 PM UTC

CVE-2021-21425 - advisory for GHSA-6f53-6qgv-39pj

Source: Mitre
CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

The following vulnerability was found:

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Execution of particular methods results in arbitrary YAML file creation or content changes to existing YAML files on the system. Successful exploitation of the vulnerability results in configuration changes, such as changes to general site information, custom scheduler job definitions, etc. Due to the nature of the vulnerability, an adversary can change parts of the web page, hijack an administrator account, or execute operating system commands in the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.

  • CVE-2021-21425 has been assigned by the GitHub CNA to track the vulnerability
  • Affected Vendor/Software: getgrav - grav-plugin-admin version <= 1.10.7
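The description above gives a practitioner two concrete things to act on: an affected-version boundary (<= 1.10.7, fixed in 1.10.8) and a workaround (block `/admin` from untrusted sources). The following Python script is an added example, not code from Grav, the GHSA advisory or the pentest.blog write-up. It checks an installed admin plugin's declared version numerically against 1.10.8, and turns the workaround into a detection by flagging `/admin` requests from outside an allowlist of trusted networks. It assumes (not stated on this page) that Grav plugins carry a top-level `version:` key in `user/plugins/<name>/blueprints.yaml` and that the access log is in the Apache/nginx "combined" format; the blueprint excerpt and log lines are constructed sample data, not captured exploit traffic.

```python
"""Triage helpers for CVE-2021-21425 (added example; not code from Grav,
the GHSA advisory or the pentest.blog post).

1. is_admin_plugin_vulnerable(): numeric comparison of the admin plugin's
   declared version against the fixed release 1.10.8 named in the advisory.
2. find_untrusted_admin_requests(): the advisory's workaround ("block access
   to /admin from untrusted sources") turned into a log check that flags
   /admin requests from outside an allowlist of trusted networks.

Assumptions not stated on the page: Grav plugins carry a top-level
`version:` key in user/plugins/<name>/blueprints.yaml, and the access log
uses the Apache/nginx "combined" format. All sample data is constructed.
"""
import ipaddress
import re
from urllib.parse import unquote, urlsplit

FIXED_VERSION = (1, 10, 8)  # advisory: "This vulnerability is fixed in version 1.10.8."

# Constructed blueprints.yaml excerpt for an unpatched install.
SAMPLE_BLUEPRINTS = """name: Admin Panel
version: 1.10.7
description: Adds an advanced administration panel to Grav
"""

# Constructed "combined"-format access log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Apr/2021:12:00:01 +0000] "GET /admin HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Apr/2021:12:00:02 +0000] "POST /admin/plugins HTTP/1.1" 200 17 "-" "curl/7.64.1"',
    '203.0.113.7 - - [07/Apr/2021:12:00:03 +0000] "GET /%61dmin/ HTTP/1.1" 200 512 "-" "curl/7.64.1"',
    '198.51.100.9 - - [07/Apr/2021:12:00:04 +0000] "GET /blog/admin-tips HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [07/Apr/2021:12:00:05 +0000] "GET /administrator HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]


def parse_version(text):
    """'1.10.7' -> (1, 10, 7). Tuples compare numerically, so 1.9.3 < 1.10.8
    (a plain string comparison would get that wrong)."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def declared_plugin_version(blueprints_yaml):
    """Read the top-level `version:` value from blueprints.yaml text (no PyYAML needed)."""
    m = re.search(r"^version:\s*['\"]?([0-9][^'\"\s#]*)", blueprints_yaml, re.MULTILINE)
    if not m:
        raise ValueError("no top-level version: key in blueprints.yaml")
    return m.group(1)


def is_admin_plugin_vulnerable(blueprints_yaml):
    """True when the declared admin plugin version is <= 1.10.7."""
    return parse_version(declared_plugin_version(blueprints_yaml)) < FIXED_VERSION


LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def is_admin_path(target):
    """Does the request target land under /admin once percent-escapes and
    duplicate or trailing slashes are normalised? Catches /%61dmin/ but not
    /administrator or /blog/admin-tips."""
    path = unquote(urlsplit(target).path)
    path = re.sub(r"/+", "/", path).rstrip("/") or "/"
    return path == "/admin" or path.startswith("/admin/")


def find_untrusted_admin_requests(log_lines, trusted_networks):
    """Return (ip, method, target, status) for every /admin request whose
    source address is outside the trusted networks."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not is_admin_path(m["target"]):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname-logged or malformed client field
        if not any(src in net for net in nets):
            hits.append((m["ip"], m["method"], m["target"], int(m["status"])))
    return hits


if __name__ == "__main__":
    print("admin plugin vulnerable:", is_admin_plugin_vulnerable(SAMPLE_BLUEPRINTS))
    for hit in find_untrusted_admin_requests(SAMPLE_LOG, ["10.0.0.0/8"]):
        print("untrusted /admin request:", hit)
```

Two details matter in practice. The version is compared as a tuple of integers, because a string comparison puts "1.9.3" after "1.10.8" and would report an old install as patched. The path check decodes percent-escapes and collapses slashes before matching, which is the same normalisation any web-server `deny` rule for `/admin` has to perform on the request path for the workaround to hold; whether a given server does that is something to verify in its own configuration, not something this page states.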

CVE References

Tag | Description | Link
CONFIRM | Unauthenticated Arbitrary YAML Write/Update leads to Code Execution · Advisory · getgrav/grav-plugin-admin · GitHub (text/html) | github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-6f53-6qgv-39pj
MISC | Unexpected Journey #7 – GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution – Pentest Blog (text/html) | pentest.blog/unexpected-journey-7-gravcms-unauthenticated-arbitrary-yaml-write-update-leads-to-code-execution/

Known Affected Software

Vendor | Product | Version
Getgrav | Grav-plugin-admin | <= 1.10.7

Social Mentions

Source | Title | Posted (UTC)
Twitter @CVEreport | CVE-2021-21425 : Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and m… twitter.com/i/web/status/1… | 2021-04-07 18:22:07
Twitter @threatmeter | Grav Admin Plugin up to 1.10.7 access control [CVE-2021-21425] A vulnerability classified as critical has been foun… twitter.com/i/web/status/1… | 2021-04-08 08:54:37
Twitter @_r_netsec | Unexpected Journey #7 – GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution (CVE-2021-21425) pentest.blog/unexpected-jou… | 2021-04-08 09:28:06
Twitter @CybrXx0 | Unexpected Journey #7 – GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution (CVE-2021-21425… twitter.com/i/web/status/1… | 2021-04-08 10:26:08
Twitter @ipssignatures | I know no IPS that has a protection/signature/rule for the vulnerability CVE-2021-21425. The vuln was published 0 d… twitter.com/i/web/status/1… | 2021-04-08 17:04:01
Twitter @ipssignatures | The vuln CVE-2021-21425 has a tweet created 0 days ago and retweeted 7 times. twitter.com/_r_netsec/stat… #Shi2huapkxb3mg | 2021-04-08 17:04:01
Reddit /r/netsec | Unexpected Journey #7 – GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution (CVE-2021-21425) | 2021-04-08 09:18:15