{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28116", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-04T14:19:14.060Z", "datePublished": "2024-03-21T21:44:29.489Z", "dateUpdated": "2024-08-02T00:48:49.256Z"}, "containers": {"cna": {"title": "Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh"}, {"name": "https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e", "tags": ["x_refsource_MISC"], "url": "https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e"}], "affected": [{"vendor": "getgrav", "product": "grav", "versions": [{"version": "< 1.7.45", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-21T21:44:29.489Z"}, "descriptions": [{"lang": "en", "value": "Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue."}], "source": {"advisory": "GHSA-c9gp-64c4-2rrh", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "getgrav", "product": "grav", "cpes": ["cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.7.45", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T20:55:43.128996Z", "id": "CVE-2024-28116", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T20:56:23.682Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.256Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh"}, {"name": "https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28116", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-01T20:55:43.128996Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*"], "vendor": "getgrav", "product": "grav", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.45", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T20:56:19.279Z"}}], "cna": {"title": "Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass", "source": {"advisory": "GHSA-c9gp-64c4-2rrh", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "getgrav", "product": "grav", "versions": [{"status": "affected", "version": "< 1.7.45"}]}], "references": [{"url": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh", "name": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e", "name": "https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-21T21:44:29.489Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28116", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:56:23.682Z", "dateReserved": "2024-03-04T14:19:14.060Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-21T21:44:29.489Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9B96288-8090-4AF9-91EF-CBFCEB60039C", "versionEndExcluding": "1.7.45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue."}, {"lang": "es", "value": "Grav es un sistema de gesti\u00f3n de contenidos de archivos planos de c\u00f3digo abierto. Grav CMS anterior a la versi\u00f3n 1.7.45 es vulnerable a una inyecci\u00f3n de plantilla del lado del servidor (SSTI), que permite a cualquier usuario autenticado (los permisos del editor son suficientes) ejecutar c\u00f3digo arbitrario en el servidor remoto sin pasar por el entorno limitado de seguridad existente. La versi\u00f3n 1.7.45 contiene un parche para este problema."}], "id": "CVE-2024-28116", "lastModified": "2025-01-02T22:57:51.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-21T22:15:11.577", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-1336"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}