CVE-2021-24377 - OpenCVE

The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Autoptimize	Autoptimize

Configuration 1 [-]

cpe:2.3:a:autoptimize:autoptimize:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-06-21T19:18:23

Updated: 2024-08-03T19:28:23.923Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24377

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-21T20:15:09.117

Modified: 2021-09-20T17:10:55.433

Link: CVE-2021-24377

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Autoptimize", "vendor": "Unknown", "versions": [{"lessThan": "2.7.8", "status": "affected", "version": "2.7.8", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Marcin W\u0119g\u0142owski"}], "descriptions": [{"lang": "en", "value": "The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-21T19:18:23", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4"}], "source": {"discovery": "UNKNOWN"}, "title": "Autoptimize < 2.7.8 - Race Condition leading to RCE", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24377", "STATE": "PUBLIC", "TITLE": "Autoptimize < 2.7.8 - Race Condition leading to RCE"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Autoptimize", "version": {"version_data": [{"version_affected": "<", "version_name": "2.7.8", "version_value": "2.7.8"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Marcin W\u0119g\u0142owski"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:28:23.923Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24377", "datePublished": "2021-06-21T19:18:23", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:28:23.923Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autoptimize:autoptimize:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "53E96CFF-8CD3-4AD1-BA84-4739E8F83A2F", "versionEndExcluding": "2.7.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948."}, {"lang": "es", "value": "El plugin Autoptimize WordPress versiones anteriores a 2.7.8 intenta eliminar los potenciales archivos maliciosos del archivo extra\u00eddo cargado por medio de la funcionalidad \"Import Settings\", sin embargo, esto no es suficiente para proteger contra el RCE, ya que se puede lograr una condici\u00f3n de carrera entre el momento en que el archivo es extra\u00eddo en el disco pero a\u00fan no se elimina. Se trata de una omisi\u00f3n de CVE-2020-24948"}], "id": "CVE-2021-24377", "lastModified": "2021-09-20T17:10:55.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-21T20:15:09.117", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "contact@wpscan.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Secondary"}]}