CVE-2020-29556

Published: Mar 15, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)

Affected (29)

Products: Getgrav: Grav Cms

Getgrav

1 product

Grav Cms

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Getgrav Grav Cms	Before 1.7.0
Getgrav Grav Cms	Version 1.7.0 beta10
Getgrav Grav Cms	Version 1.7.0 beta1
Getgrav Grav Cms	Version 1.7.0 beta2
Getgrav Grav Cms	Version 1.7.0 beta3
Getgrav Grav Cms	Version 1.7.0 beta4
Getgrav Grav Cms	Version 1.7.0 beta5
Getgrav Grav Cms	Version 1.7.0 beta6
Getgrav Grav Cms	Version 1.7.0 beta7
Getgrav Grav Cms	Version 1.7.0 beta8
Getgrav Grav Cms	Version 1.7.0 beta9
Getgrav Grav Cms	Version 1.7.0 rc10
Getgrav Grav Cms	Version 1.7.0 rc11
Getgrav Grav Cms	Version 1.7.0 rc12
Getgrav Grav Cms	Version 1.7.0 rc13
Getgrav Grav Cms	Version 1.7.0 rc14
Getgrav Grav Cms	Version 1.7.0 rc15
Getgrav Grav Cms	Version 1.7.0 rc16
Getgrav Grav Cms	Version 1.7.0 rc17
Getgrav Grav Cms	Version 1.7.0 rc1
Getgrav Grav Cms	Version 1.7.0 rc20
Getgrav Grav Cms	Version 1.7.0 rc2
Getgrav Grav Cms	Version 1.7.0 rc3
Getgrav Grav Cms	Version 1.7.0 rc4
Getgrav Grav Cms	Version 1.7.0 rc5
Getgrav Grav Cms	Version 1.7.0 rc6
Getgrav Grav Cms	Version 1.7.0 rc7
Getgrav Grav Cms	Version 1.7.0 rc8
Getgrav Grav Cms	Version 1.7.0 rc9

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.