CVE-2021-21389 - Vulnerability Details - OpenCVE

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.93537.

Key SSVC decision points have not yet been added.

Vendors	Products
Buddypress	Buddypress

Configuration 1 [-]

cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-m6j4-8r7p-wpp3	BuddyPress privilege escalation via REST API

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
https://codex.buddypress.org/releases/version-7-2-1/
https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-03-26T20:15:14

Updated: 2024-08-03T18:09:15.798Z

Reserved: 2020-12-22T00:00:00

Link: CVE-2021-21389

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-26T21:15:13.520

Modified: 2024-11-21T05:48:15.500

Link: CVE-2021-21389

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "BuddyPress", "vendor": "buddypress", "versions": [{"status": "affected", "version": ">= 5.0.0, < 7.2.1"}]}], "descriptions": [{"lang": "en", "value": "BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization ", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-26T20:15:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"}, {"tags": ["x_refsource_MISC"], "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"}, {"tags": ["x_refsource_MISC"], "url": "https://codex.buddypress.org/releases/version-7-2-1/"}], "source": {"advisory": "GHSA-m6j4-8r7p-wpp3", "discovery": "UNKNOWN"}, "title": "BuddyPress privilege escalation via REST API", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21389", "STATE": "PUBLIC", "TITLE": "BuddyPress privilege escalation via REST API"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BuddyPress", "version": {"version_data": [{"version_value": ">= 5.0.0, < 7.2.1"}]}}]}, "vendor_name": "buddypress"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863: Incorrect Authorization "}]}]}, "references": {"reference_data": [{"name": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3", "refsource": "CONFIRM", "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"}, {"name": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/", "refsource": "MISC", "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"}, {"name": "https://codex.buddypress.org/releases/version-7-2-1/", "refsource": "MISC", "url": "https://codex.buddypress.org/releases/version-7-2-1/"}]}, "source": {"advisory": "GHSA-m6j4-8r7p-wpp3", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:09:15.798Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://codex.buddypress.org/releases/version-7-2-1/"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21389", "datePublished": "2021-03-26T20:15:14", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:15.798Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "22E0A24D-C677-49B3-AD8D-4D5F342F1CBF", "versionEndExcluding": "7.2.1", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue."}, {"lang": "es", "value": "BuddyPress es un plugin de WordPress de c\u00f3digo abierto para crear un sitio comunitario. En versiones de BuddyPress de 5.0.0 versiones anteriores a 7.2.1, es posible para un usuario regular sin privilegios obtener derechos de administrador al explotar un problema en el endpoint de los miembros de la API REST. La vulnerabilidad ha sido corregida en BuddyPress versi\u00f3n 7.2.1. Las instalaciones existentes del plugin deben actualizarse a esta versi\u00f3n para mitigar el problema."}], "id": "CVE-2021-21389", "lastModified": "2024-11-21T05:48:15.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-26T21:15:13.520", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://codex.buddypress.org/releases/version-7-2-1/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://buddypress.org/2021/03/buddypress-7-2-1-security-release/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://codex.buddypress.org/releases/version-7-2-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Secondary"}]}