How severe is CVE-2021-23259?

CVE-2021-23259 has a CVSS v3 score of 4.2 (MEDIUM).

CVE-2021-23259

Name: crafter_cms
Author: craftercms

4.2MEDIUM

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, whi

Publicado: 12/2/2021Actualizado: 11/21/2024

Descripción

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

Análisis IAImpulsado por IA

Productos Afectados

craftercmscrafter_cms

Referencias

https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102
Vendor Advisory
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102
Vendor Advisory