How severe is CVE-2021-23259?

CVE-2021-23259 has a CVSS v3 score of 4.2 (MEDIUM).

CVE-2021-23259

Name: crafter_cms
Author: craftercms

4.2MEDIUM

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, whi

Publicado: 12/2/2021Atualizado: 11/21/2024

Descrição

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

Análise IADesenvolvido por IA

Produtos Afetados

craftercmscrafter_cms

Referências

https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102
Vendor Advisory
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102
Vendor Advisory