GHSA-84PX-Q68R-2FC9

Vulnerability from github – Published: 2021-12-15 22:55 – Updated: 2021-12-15 22:27
VLAI?
Summary
Privilege escalation in the Sulu Admin panel
Details

Impact

Impacted are only users which already have access to the admin UI. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction.

Patches

The versions have been patched in 2.2.18, 2.3.8 and 2.4.0.

Workarounds

Patching the ProfileController of affected sulu versions yourself by overwriting it.

References

Are there any links users can visit to find out more?

Currently not.

For more information

If you have any questions or comments about this advisory: * Open an issue in sulu/sulu repo * Email us at security@sulu.io

Severity ?
7.2 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.2.17"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "sulu/sulu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.2.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.3.7"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "sulu/sulu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sulu/sulu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0-RC1"
            },
            {
              "fixed": "2.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.4.0-RC1"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-43835"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-12-15T22:27:38Z",
    "nvd_published_at": "2021-12-15T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nImpacted are only users which already have access to the admin UI. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction.\n\n### Patches\n\nThe versions have been patched in 2.2.18, 2.3.8 and 2.4.0.\n\n### Workarounds\n\nPatching the ProfileController of affected sulu versions yourself by overwriting it.\n\n### References\n\n_Are there any links users can visit to find out more?_\n\nCurrently not.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [sulu/sulu repo](https://github.com/sulu/sulu/issues)\n* Email us at [security@sulu.io](mailto:security@sulu.io)\n",
  "id": "GHSA-84px-q68r-2fc9",
  "modified": "2021-12-15T22:27:38Z",
  "published": "2021-12-15T22:55:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43835"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sulu/sulu"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Privilege escalation in the Sulu Admin panel"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.