CVE-2019-20043

Published: Dec 27, 2019Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.

Affected (3)

Products: Wordpress: Wordpress · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wordpress Wordpress	From 3.7 to 5.3.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (16)

https://core.trac.wordpress.org/changeset/46893/trunk

Source: cve@mitre.org

Patch

https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9

Source: cve@mitre.org

Third Party Advisory

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw

Source: cve@mitre.org

Third Party Advisory

https://seclists.org/bugtraq/2020/Jan/8

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/

Source: cve@mitre.org

Release NotesVendor Advisory

https://wpvulndb.com/vulnerabilities/9973

Source: cve@mitre.org

Release NotesThird Party Advisory

https://www.debian.org/security/2020/dsa-4599

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2020/dsa-4677

Source: cve@mitre.org

Third Party Advisory

https://core.trac.wordpress.org/changeset/46893/trunk

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://seclists.org/bugtraq/2020/Jan/8

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://wpvulndb.com/vulnerabilities/9973

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://www.debian.org/security/2020/dsa-4599

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2020/dsa-4677

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.