CVE-2020-29556 - Vulnerability Details

Vendors	Products
Getgrav	Grav Cms

Link	Providers
https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-15T17:58:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29556", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/", "refsource": "MISC", "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:55:10.299Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29556", "datePublished": "2021-03-15T17:58:17", "dateReserved": "2020-12-04T00:00:00", "dateUpdated": "2024-08-04T16:55:10.299Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-03-15T17:58:17 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2020-29556 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/ (string)

refsource : MISC (string)

url : https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T16:55:10.299Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2020-29556 (string)

datePublished : 2021-03-15T17:58:17 (string)

dateReserved : 2020-12-04T00:00:00 (string)

dateUpdated : 2024-08-04T16:55:10.299Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getgrav:grav_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "A43F940A-E458-4B1A-801B-C90B5E073FA8", "versionEndExcluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "499C8899-38B4-4F7D-914B-92B3C04599CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "511D3EB9-0FB7-4318-89A2-969397A6DE6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "6E4F6270-4B29-4663-AB38-0DE48B27A7BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A32B2D73-260D-4B5C-BFDF-017CA0C010AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F169B505-27D4-4791-A87C-B68F75E778A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "351B9084-101A-4308-9F02-61CA44D12A4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "B45DC4F5-B4AB-4070-B185-B0D8A4D616D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "19FC7C3F-57A0-4824-A9EC-5F007EBF921B", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "2919E961-7EE8-48B3-A17A-6E3FF571F0CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "1538A29A-A958-4FB1-8931-781720C8DEE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9FC2E00-F6D4-4172-9EB6-0C81CD58713F", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc10:*:*:*:*:*:*", "matchCriteriaId": "3E6C1E78-CE7E-4DB7-83D8-0DEE0526F3C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc11:*:*:*:*:*:*", "matchCriteriaId": "6B837851-C7FC-4605-9CD3-380D28FA4923", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc12:*:*:*:*:*:*", "matchCriteriaId": "090C687F-9F26-428D-825C-185AE31B020E", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc13:*:*:*:*:*:*", "matchCriteriaId": "C89B132B-5278-422F-A1B0-B76ABC79837D", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc14:*:*:*:*:*:*", "matchCriteriaId": "2EC75BB8-1E6D-436F-A3C2-5A1087C192F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc15:*:*:*:*:*:*", "matchCriteriaId": "61421EB3-D64E-4A2B-9D4E-07AD716785E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc16:*:*:*:*:*:*", "matchCriteriaId": "0AB53A48-AB04-4DB9-8360-76CB41413181", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc17:*:*:*:*:*:*", "matchCriteriaId": "07341814-847C-4500-8FBB-B9C043D1AE6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "36AF015F-3CA5-46C7-BFE1-91691D9818EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc20:*:*:*:*:*:*", "matchCriteriaId": "15E200E4-C228-4114-A353-96D078DA33D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "88AE4BCB-9DB8-483D-A8F7-53760E5A50BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "033036C0-3A87-450C-8218-9D04B860E8D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "857C3641-4B43-4812-9806-11608D1729FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "79172D0E-6A30-4090-B79F-72D6637A7A16", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "D842FBBB-632B-4E43-BB21-D24476252B6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "D7C52869-66A2-4059-9407-D86BFF0F06BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:getgrav:grav_cms:1.7.0:rc9:*:*:*:*:*:*", "matchCriteriaId": "EF62571B-B8C7-4001-AAAC-45CC8E728398", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)"}, {"lang": "es", "value": "La funcionalidad Backup en Grav CMS versiones hasta 1.7.0-rc.17, permite a un atacante autenticado leer archivos locales arbitrarios en el servidor subyacente al explotar una t\u00e9cnica de salto de ruta.&#xa0;(Esta vulnerabilidad tambi\u00e9n puede ser explotada por un atacante no autenticado debido a una falta de protecci\u00f3n CSRF)"}], "id": "CVE-2020-29556", "lastModified": "2024-11-21T05:24:11.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-15T18:15:17.317", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A43F940A-E458-4B1A-801B-C90B5E073FA8 (string)

versionEndExcluding : 1.7.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:beta1:*:*:*:*:*:* (string)

matchCriteriaId : 499C8899-38B4-4F7D-914B-92B3C04599CC (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:beta10:*:*:*:*:*:* (string)

matchCriteriaId : 511D3EB9-0FB7-4318-89A2-969397A6DE6B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:beta2:*:*:*:*:*:* (string)

matchCriteriaId : 6E4F6270-4B29-4663-AB38-0DE48B27A7BE (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:beta3:*:*:*:*:*:* (string)

matchCriteriaId : A32B2D73-260D-4B5C-BFDF-017CA0C010AA (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:beta4:*:*:*:*:*:* (string)

matchCriteriaId : F169B505-27D4-4791-A87C-B68F75E778A8 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:beta5:*:*:*:*:*:* (string)

matchCriteriaId : 351B9084-101A-4308-9F02-61CA44D12A4F (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:beta6:*:*:*:*:*:* (string)

matchCriteriaId : B45DC4F5-B4AB-4070-B185-B0D8A4D616D9 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:beta7:*:*:*:*:*:* (string)

matchCriteriaId : 19FC7C3F-57A0-4824-A9EC-5F007EBF921B (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:beta8:*:*:*:*:*:* (string)

matchCriteriaId : 2919E961-7EE8-48B3-A17A-6E3FF571F0CA (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:beta9:*:*:*:*:*:* (string)

matchCriteriaId : 1538A29A-A958-4FB1-8931-781720C8DEE9 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : B9FC2E00-F6D4-4172-9EB6-0C81CD58713F (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc10:*:*:*:*:*:* (string)

matchCriteriaId : 3E6C1E78-CE7E-4DB7-83D8-0DEE0526F3C1 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc11:*:*:*:*:*:* (string)

matchCriteriaId : 6B837851-C7FC-4605-9CD3-380D28FA4923 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc12:*:*:*:*:*:* (string)

matchCriteriaId : 090C687F-9F26-428D-825C-185AE31B020E (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc13:*:*:*:*:*:* (string)

matchCriteriaId : C89B132B-5278-422F-A1B0-B76ABC79837D (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc14:*:*:*:*:*:* (string)

matchCriteriaId : 2EC75BB8-1E6D-436F-A3C2-5A1087C192F1 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc15:*:*:*:*:*:* (string)

matchCriteriaId : 61421EB3-D64E-4A2B-9D4E-07AD716785E6 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc16:*:*:*:*:*:* (string)

matchCriteriaId : 0AB53A48-AB04-4DB9-8360-76CB41413181 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc17:*:*:*:*:*:* (string)

matchCriteriaId : 07341814-847C-4500-8FBB-B9C043D1AE6D (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 36AF015F-3CA5-46C7-BFE1-91691D9818EA (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc20:*:*:*:*:*:* (string)

matchCriteriaId : 15E200E4-C228-4114-A353-96D078DA33D2 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 88AE4BCB-9DB8-483D-A8F7-53760E5A50BE (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc4:*:*:*:*:*:* (string)

matchCriteriaId : 033036C0-3A87-450C-8218-9D04B860E8D9 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc5:*:*:*:*:*:* (string)

matchCriteriaId : 857C3641-4B43-4812-9806-11608D1729FB (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc6:*:*:*:*:*:* (string)

matchCriteriaId : 79172D0E-6A30-4090-B79F-72D6637A7A16 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc7:*:*:*:*:*:* (string)

matchCriteriaId : D842FBBB-632B-4E43-BB21-D24476252B6D (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc8:*:*:*:*:*:* (string)

matchCriteriaId : D7C52869-66A2-4059-9407-D86BFF0F06BD (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:getgrav:grav_cms:1.7.0:rc9:*:*:*:*:*:* (string)

matchCriteriaId : EF62571B-B8C7-4001-AAAC-45CC8E728398 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) (string)

}

1 : { »

lang : es (string)

value : La funcionalidad Backup en Grav CMS versiones hasta 1.7.0-rc.17, permite a un atacante autenticado leer archivos locales arbitrarios en el servidor subyacente al explotar una técnica de salto de ruta. (Esta vulnerabilidad también puede ser explotada por un atacante no autenticado debido a una falta de protección CSRF) (string)

}

]

id : CVE-2020-29556 (string)

lastModified : 2024-11-21T05:24:11.770 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.1 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-03-15T18:15:17.317 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/ (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/ (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-22 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object