How severe is CVE-2021-23259?

CVE-2021-23259 has a CVSS v3 score of 4.2 (MEDIUM).

CVE-2021-23259

Name: crafter_cms
Author: craftercms

4.2MEDIUM

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, whi

Published: 12/2/2021Updated: 11/21/2024

Description

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

AI AnalysisPowered by AI

Affected Products

craftercmscrafter_cms

References

https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102
Vendor Advisory
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102
Vendor Advisory