Vulnerability Description
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ethercreative | Logs | < 3.0.4 |
Related Weaknesses (CWE)
References
- https://github.com/ethercreative/logs/releases/tag/3.0.4Release NotesThird Party Advisory
- https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6mThird Party Advisory
- https://github.com/ethercreative/logs/releases/tag/3.0.4Release NotesThird Party Advisory
- https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6mThird Party Advisory
FAQ
What is CVE-2021-32752?
CVE-2021-32752 is a vulnerability with a CVSS score of 7.2 (HIGH). Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any ...
How severe is CVE-2021-32752?
CVE-2021-32752 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32752?
Check the references section above for vendor advisories and patch information. Affected products include: Ethercreative Logs.