CVE-2021-43836 - OpenCVE

Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sulu	Sulu

Configuration 1 [-]

OR	cpe:2.3:a:sulu:sulu::::::::
	cpe:2.3:a:sulu:sulu::::::::
	cpe:2.3:a:sulu:sulu::::::::
	cpe:2.3:a:sulu:sulu:2.4.0:rc1::::::

No data.

References

Link	Providers
https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54
https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-12-15T20:10:10

Updated: 2024-08-04T04:10:16.325Z

Reserved: 2021-11-16T00:00:00

Link: CVE-2021-43836

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-15T20:15:08.733

Modified: 2021-12-21T02:09:55.593

Link: CVE-2021-43836

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "sulu", "vendor": "sulu", "versions": [{"status": "affected", "version": "< 1.6.44"}, {"status": "affected", "version": ">= 2.0.0, < 2.2.18"}, {"status": "affected", "version": ">= 2.3.0, < 2.3.8"}]}], "descriptions": [{"lang": "en", "value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-15T20:10:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"}], "source": {"advisory": "GHSA-vx6j-pjrh-vgjh", "discovery": "UNKNOWN"}, "title": "PHP file inclusion in the Sulu admin panel", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43836", "STATE": "PUBLIC", "TITLE": "PHP file inclusion in the Sulu admin panel"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "sulu", "version": {"version_data": [{"version_value": "< 1.6.44"}, {"version_value": ">= 2.0.0, < 2.2.18"}, {"version_value": ">= 2.3.0, < 2.3.8"}]}}]}, "vendor_name": "sulu"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh", "refsource": "CONFIRM", "url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"}, {"name": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54", "refsource": "MISC", "url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"}]}, "source": {"advisory": "GHSA-vx6j-pjrh-vgjh", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:10:16.325Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43836", "datePublished": "2021-12-15T20:10:10", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:10:16.325Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*", "matchCriteriaId": "838D4309-D6D9-4884-B6C7-F4529DD7AD68", "versionEndExcluding": "1.6.44", "vulnerable": true}, {"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B6E9B64-0B43-40AD-B0B4-C8BA5EEA6F31", "versionEndExcluding": "2.2.18", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*", "matchCriteriaId": "354C0B42-D950-497B-B3B7-09EA07063564", "versionEndExcluding": "2.3.8", "versionStartIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sulu:sulu:2.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2889EBAA-7A15-436C-9658-CA67F7122DC1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language."}, {"lang": "es", "value": "Sulu es un sistema de administraci\u00f3n de contenidos PHP de c\u00f3digo abierto basado en el framework Symfony. En las versiones afectadas, un atacante puede leer archivos locales arbitrarios por medio de una inclusi\u00f3n de archivos PHP. En una configuraci\u00f3n por defecto esto tambi\u00e9n conlleva a una ejecuci\u00f3n de c\u00f3digo remota. El problema est\u00e1 parcheado con las versiones 1.6.44, 2.2.18, 2.3.8, 2.4.0. Para usuarios que no puedan actualizar sobrescribir el servicio \"sulu_route.generator.expression_token_provider\" y envolver el traductor antes de pasarlo al lenguaje de expresi\u00f3n"}], "id": "CVE-2021-43836", "lastModified": "2021-12-21T02:09:55.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-12-15T20:15:08.733", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}