{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28118", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-04T14:19:14.060Z", "datePublished": "2024-03-21T21:55:11.788Z", "dateUpdated": "2024-08-02T00:48:49.053Z"}, "containers": {"cna": {"title": "Grav vulnerable to Server Side Template Injection (SSTI)", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4"}, {"name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "tags": ["x_refsource_MISC"], "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe"}], "affected": [{"vendor": "getgrav", "product": "grav", "versions": [{"version": "< 1.7.45", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-21T21:55:11.788Z"}, "descriptions": [{"lang": "en", "value": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a fix for this issue.\n"}], "source": {"advisory": "GHSA-r6vw-8v8r-pmp4", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "getgrav", "product": "grav", "cpes": ["cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.7.45", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T15:04:35.675721Z", "id": "CVE-2024-28118", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:53:35.209Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.053Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4"}, {"name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4", "name": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.053Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28118", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-08T15:04:35.675721Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*"], "vendor": "getgrav", "product": "grav", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.45", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T15:06:36.537Z"}}], "cna": {"title": "Grav vulnerable to Server Side Template Injection (SSTI)", "source": {"advisory": "GHSA-r6vw-8v8r-pmp4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "getgrav", "product": "grav", "versions": [{"status": "affected", "version": "< 1.7.45"}]}], "references": [{"url": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4", "name": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a fix for this issue.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-21T21:55:11.788Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28118", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:48:49.053Z", "dateReserved": "2024-03-04T14:19:14.060Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-21T21:55:11.788Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9B96288-8090-4AF9-91EF-CBFCEB60039C", "versionEndExcluding": "1.7.45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a fix for this issue.\n"}, {"lang": "es", "value": "Grav es un sistema de gesti\u00f3n de contenidos de archivos planos de c\u00f3digo abierto. Antes de la versi\u00f3n 1.7.45, debido al acceso sin restricciones a la clase de extensi\u00f3n twig desde el contexto Grav, un atacante pod\u00eda redefinir la variable de configuraci\u00f3n. Como resultado, el atacante puede eludir una mitigaci\u00f3n SSTI previa. El procesamiento Twig de p\u00e1ginas est\u00e1ticas puede ser habilitado en la portada por cualquier usuario administrativo autorizado a crear o editar p\u00e1ginas. Como el procesador Twig se ejecuta sin entorno de pruebas, este comportamiento se puede utilizar para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario y elevar los privilegios en la instancia. La versi\u00f3n 1.7.45 contiene una soluci\u00f3n para este problema."}], "id": "CVE-2024-28118", "lastModified": "2025-01-02T22:59:47.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-21T22:15:12.037", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}