CVE-2024-27923 - Vulnerability Details - OpenCVE

Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.07188.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

getgrav

grav

affected

Version	Status	Constraints
`< 1.7.43`	affected	—

Configuration 1 [-]

cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Getgrav Subscribe	Grav Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-0910	Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.
Github GHSA	GHSA-f6g2-h7qv-3m5v	Remote Code Execution by uploading a phar file using frontmatter

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07
https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v

History

Thu, 02 Jan 2025 23:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Getgrav Getgrav grav
CPEs		cpe:2.3:a:getgrav:grav::::::::
Vendors & Products		Getgrav Getgrav grav

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-06T20:28:46.695Z

Updated: 2024-08-02T18:35:36.095Z

Reserved: 2024-02-28T15:14:14.214Z

Link: CVE-2024-27923

Vulnrichment

Updated: 2024-08-02T00:41:55.863Z

NVD

Status : Analyzed

Published: 2024-03-21T02:52:21.280

Modified: 2025-01-02T23:02:44.890

Link: CVE-2024-27923

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27923", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-28T15:14:14.214Z", "datePublished": "2024-03-06T20:28:46.695Z", "dateUpdated": "2024-08-02T18:35:36.095Z"}, "containers": {"cna": {"title": "Remote Code Execution by uploading a phar file using frontmatter", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-434", "lang": "en", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"}, {"name": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07", "tags": ["x_refsource_MISC"], "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"}], "affected": [{"vendor": "getgrav", "product": "grav", "versions": [{"version": "< 1.7.43", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T20:28:46.695Z"}, "descriptions": [{"lang": "en", "value": "Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue."}], "source": {"advisory": "GHSA-f6g2-h7qv-3m5v", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:41:55.863Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"}, {"name": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"}]}, {"affected": [{"vendor": "getgrav", "product": "grav", "cpes": ["cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.7.43", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T18:34:03.665942Z", "id": "CVE-2024-27923", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T18:35:36.095Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27923", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-28T15:14:14.214Z", "datePublished": "2024-03-06T20:28:46.695Z", "dateUpdated": "2024-08-02T18:35:36.095Z"}, "containers": {"cna": {"title": "Remote Code Execution by uploading a phar file using frontmatter", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-434", "lang": "en", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"}, {"name": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07", "tags": ["x_refsource_MISC"], "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"}], "affected": [{"vendor": "getgrav", "product": "grav", "versions": [{"version": "< 1.7.43", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T20:28:46.695Z"}, "descriptions": [{"lang": "en", "value": "Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue."}], "source": {"advisory": "GHSA-f6g2-h7qv-3m5v", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:41:55.863Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"}, {"name": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27923", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-02T18:34:03.665942Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*"], "vendor": "getgrav", "product": "grav", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.43", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T18:35:31.976Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*", "matchCriteriaId": "137FDC94-AAD3-4371-8E1C-2D01E0305DAB", "versionEndExcluding": "1.7.43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue."}, {"lang": "es", "value": "Grav es un sistema de gesti\u00f3n de contenidos (CMS). Antes de la versi\u00f3n 1.7.43, los usuarios que pod\u00edan escribir una p\u00e1gina pod\u00edan usar la funci\u00f3n \"frontmatter\" debido a una validaci\u00f3n de permisos insuficiente y una validaci\u00f3n de nombre de archivo inadecuada. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo. La versi\u00f3n 1.7.43 soluciona este problema."}], "id": "CVE-2024-27923", "lastModified": "2025-01-02T23:02:44.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-21T02:52:21.280", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-434"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}