Platform
php
Component
grav
Fixed in
1.7.47
CVE-2024-34082 describes an arbitrary file access vulnerability in Grav CMS, a flat-file web platform. A low-privilege account that holds page edit rights can inject Twig syntax into page content and use it to read any file the web server process can read. Exploitation can lead to account takeover and exposure of sensitive data. Grav CMS versions prior to 1.7.46 are affected; the fix ships in version 1.7.46.
The primary impact of CVE-2024-34082 is the exposure of sensitive server files. An attacker exploiting the flaw can read the user account files under /grav/user/accounts/*.yaml, which hold hashed passwords, two-factor authentication (2FA) secrets and password reset tokens. With those, an adversary can complete a password reset, satisfy the 2FA challenge and take over the account. Because the read is not limited to account files, any other file the web server process can read is exposed as well, so the blast radius depends on what else lives on the host. The root cause is the one seen in other Twig template-engine issues: content supplied by an untrusted user is evaluated as a template with more capability than that user should have, here enough to manipulate the file paths being read.
CVE-2024-34082 was publicly disclosed on May 15, 2024. It is rated HIGH with a CVSS score of 8.5. There is currently no indication of exploitation in the wild, and it is not listed in the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the low bar for the attack (an authenticated account with page edit rights is all that is needed) makes it likely that they will appear.
Organizations and individuals running Grav CMS versions prior to 1.7.46 are at risk, that is, any website or application that relies on Grav for content management. Multi-author setups and shared hosting environments in which several users hold page edit privileges are particularly exposed: a single compromised or malicious editor account can read the account files of every other user and any other data on the same server.
• Linux / server: Grav is a PHP application served by Apache, nginx or similar and ships no systemd unit of its own, so `journalctl -u grav` will normally return nothing. Check the installed version instead, for example with `grep GRAV_VERSION system/defines.php` in the Grav root or `bin/gpm version`, and compare it with 1.7.46.
• Generic web: `curl -I https://your-grav-site.com/grav/user/accounts/<username>.yaml` should return 403 or 404 (request one account file by name; a shell wildcard is not expanded inside a URL). A refused request only confirms that the web server blocks direct downloads of account files. It says nothing about this CVE, because the Twig-based read happens inside PHP on the server and never requests that path over HTTP.
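The two checks that can actually be run offline, as an added example in Python that is not part of this advisory or of Grav's own tooling: it reads the GRAV_VERSION constant from system/defines.php, compares it with 1.7.46 (treating pre-releases such as 1.7.46-rc.1 as older than the final release), and lists page files under user/pages whose body contains Twig delimiters, since the read described above is triggered by Twig injected into page content by an editor. The sample tree it builds is constructed for the example and is not a real Grav install.

```python
"""Added example, not part of the advisory or of Grav's own tooling.

Two offline checks for a Grav install at ROOT:
  1. version: GRAV_VERSION is defined in system/defines.php; anything older
     than 1.7.46 is in the affected range.
  2. content review: the read is triggered by Twig syntax injected into page
     content, so markdown pages under user/pages that contain Twig delimiters
     deserve a look, especially those written by accounts that only hold page
     edit rights.
The tree built by build_sample_install() is constructed so the script runs
stand-alone; it is not a real Grav installation.
"""
import re
import tempfile
from pathlib import Path

# First release containing the fix.  The trailing 1 marks a final release;
# pre-releases get 0 so that 1.7.46-rc.1 sorts before 1.7.46.
FIXED_VERSION = (1, 7, 46, 1)

VERSION_RE = re.compile(r"define\(\s*'GRAV_VERSION'\s*,\s*'([^']+)'\s*\)")
TWIG_RE = re.compile(r"\{\{|\{%|\{#")  # Twig output, statement and comment tags


def parse_version(text):
    """Turn '1.7.45' or '1.7.46-rc.1' into a comparable tuple."""
    core, _, prerelease = text.partition("-")
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2], 0 if prerelease else 1)


def is_vulnerable(version):
    """True when the version string is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION


def grav_version(root):
    """Read GRAV_VERSION from system/defines.php under the Grav root."""
    defines = Path(root) / "system" / "defines.php"
    match = VERSION_RE.search(defines.read_text())
    if not match:
        raise ValueError(f"GRAV_VERSION not found in {defines}")
    return match.group(1)


def pages_with_twig(root):
    """Relative paths of page files under user/pages containing Twig delimiters."""
    root = Path(root)
    hits = []
    for path in sorted((root / "user" / "pages").rglob("*.md")):
        if TWIG_RE.search(path.read_text(errors="replace")):
            hits.append(path.relative_to(root).as_posix())
    return hits


def run_checks(root):
    """Combine both checks into one result dictionary."""
    version = grav_version(root)
    return {
        "version": version,
        "vulnerable": is_vulnerable(version),
        "twig_pages": pages_with_twig(root),
    }


def build_sample_install(root):
    """Constructed sample tree: an unpatched version string and two pages,
    one of which carries Twig syntax in its body (benign here)."""
    root = Path(root)
    (root / "system").mkdir(parents=True, exist_ok=True)
    (root / "system" / "defines.php").write_text(
        "<?php\ndefine('GRAV_VERSION', '1.7.45');\n"
    )
    home = root / "user" / "pages" / "01.home"
    home.mkdir(parents=True, exist_ok=True)
    (home / "default.md").write_text("---\ntitle: Home\n---\n# Welcome\n")
    post = root / "user" / "pages" / "02.blog" / "post"
    post.mkdir(parents=True, exist_ok=True)
    (post / "item.md").write_text(
        "---\ntitle: Post\nprocess:\n  twig: true\n---\nHello {{ page.title }}\n"
    )


def demo():
    """Build the constructed tree in a temporary directory and run the checks."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_install(tmp)
        return run_checks(tmp)


if __name__ == "__main__":
    result = demo()
    state = "VULNERABLE" if result["vulnerable"] else "patched"
    print(f"Grav {result['version']}: {state}")
    for page in result["twig_pages"]:
        print(f"review Twig in {page}")
```

On a real install, call `run_checks("/path/to/grav")` instead of `demo()`. A page listed under `twig_pages` is not proof of abuse; Twig in page bodies is a normal Grav feature for trusted authors. The point is to narrow the review to pages where an editor-level account could have placed it.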
Disclosure
Exploit status
EPSS
0.21% (44th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-34082 is to upgrade Grav CMS to version 1.7.46 or later, which contains the fix. If an immediate upgrade is not feasible, reduce exposure in the meantime: remove page edit privileges from accounts that do not strictly need them, since the flaw requires an authenticated editor; keep Twig processing disabled for content those accounts can edit; and deny direct HTTP access to the /grav/user/accounts/ directory in the web server configuration (.htaccess for Apache, a location block for nginx). Note that the web server rule only stops direct downloads of the account files. It does not stop this CVE, because the Twig-based read is performed by PHP on the server and never requests that path over HTTP. Monitor Grav's logs for unusual page edits and for errors that reference files outside the page tree. After upgrading, confirm that the running version is 1.7.46 or later and that a test account holding only page edit rights can no longer read account files through page content; direct requests for /grav/user/accounts/*.yaml should also be refused. If exposure before the upgrade cannot be ruled out, treat the account files as compromised: reset passwords, re-enrol 2FA and invalidate outstanding password reset tokens.
Update Grav to version 1.7.46 or later. This version contains a fix for the arbitrary file read vulnerability. The update can be performed through the Grav admin panel or from the command line (for example with `bin/gpm selfupgrade`).
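The Twig-related settings the interim hardening above refers to, as an added example in Python that is not from the advisory or from Grav: a small audit that reads the relevant keys of user/config/system.yaml and flags the weak values. The keys assumed are Grav 1.7's `pages.process.twig` (when true, every page body is evaluated as Twig, so any account that can edit a page can author Twig; Grav's default is false) and `twig.safe_functions` / `twig.safe_filters` (PHP functions exposed to templates). Both config texts are constructed for the example, and the tiny YAML reader handles only the subset these settings use. Tightening these settings limits what an editor can reach but does not replace the upgrade: the read is a bug in the affected versions themselves.

```python
"""Added example, not from the advisory or from Grav: an offline audit of the
Twig-related settings in user/config/system.yaml.

Keys assumed (Grav 1.7 system.yaml):
  pages.process.twig   - true evaluates Twig in every page body, so anyone who
                         can edit a page can author Twig.  Default is false.
  twig.safe_functions  - PHP functions exposed to templates as Twig functions.
  twig.safe_filters    - PHP functions exposed to templates as Twig filters.
The two config texts below are constructed for this example.
"""

WEAK_CONFIG = """\
pages:
  process:
    markdown: true
    twig: true                 # every page body is a Twig template
twig:
  autoescape: false
  safe_functions: [file_get_contents]   # PHP function callable from templates
  safe_filters: []
"""

HARDENED_CONFIG = """\
pages:
  process:
    markdown: true
    twig: false                # enable Twig per page, only for trusted authors
twig:
  autoescape: false
  safe_functions: []
  safe_filters: []
"""


def _coerce(value):
    """Turn a scalar or flow-list YAML value into a Python value."""
    if value.startswith("[") and value.endswith("]"):
        inner = value[1:-1].strip()
        return [v.strip().strip("'\"") for v in inner.split(",")] if inner else []
    low = value.lower()
    if low in ("true", "false"):
        return low == "true"
    if low in ("null", "~"):
        return None
    try:
        return int(value)
    except ValueError:
        return value.strip("'\"")


def parse_simple_yaml(text):
    """Read the YAML subset these settings use: nested mappings with scalar or
    flow-list values, indentation-based nesting and '#' comments.  A small
    reader for this example, not a YAML implementation."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) from outermost to innermost
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:
            stack.pop()
        parent = stack[-1][1]
        if value.strip() == "":
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = _coerce(value.strip())
    return root


def audit_twig_settings(config_text):
    """Return findings for settings that widen what a page editor can do with
    Twig; an empty list means nothing to flag."""
    config = parse_simple_yaml(config_text)
    findings = []
    pages = config.get("pages")
    process = pages.get("process") if isinstance(pages, dict) else None
    if isinstance(process, dict) and process.get("twig") is True:
        findings.append("pages.process.twig is true: Twig runs in every page body")
    twig = config.get("twig")
    if isinstance(twig, dict):
        for key in ("safe_functions", "safe_filters"):
            if twig.get(key):
                findings.append(f"twig.{key} exposes PHP to templates: {twig[key]}")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_twig_settings(text) or ["nothing to flag"])
```

To audit a live install, pass the contents of user/config/system.yaml to `audit_twig_settings`. Pages that genuinely need Twig can keep it with a per-page `process: twig: true` header, which keeps the global default off for everything an editor-level account can touch.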
CVE-2024-34082 is a HIGH severity vulnerability allowing low-privilege users to read server files in Grav CMS versions before 1.7.46, potentially exposing user account data and other sensitive information.
Yes. If you are running a Grav CMS version prior to 1.7.46 (1.7.45 or older), you are vulnerable to this arbitrary file access issue.
Upgrade Grav CMS to version 1.7.46 or later to address this vulnerability. If an immediate upgrade is not possible, limit page edit privileges to trusted accounts and restrict direct web access to the account files as a stopgap.
There is currently no confirmed evidence of active exploitation in the wild, but the low bar for the attack (an authenticated account with page edit rights) makes it a likely target.
Refer to the Grav CMS security advisory for detailed information and updates: [https://grav.0x.ninja/security/advisories/CVE-2024-34082](https://grav.0x.ninja/security/advisories/CVE-2024-34082)