Vulnerabilities > CVE-2021-32752 - Files or Directories Accessible to External Parties vulnerability in Ethercreative Logs

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ethercreative

CWE-552

NVD

Published: 2021-07-09

Updated: 2021-07-22

Summary

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.

Vulnerable Configurations

Part	Description	Count
Application	Ethercreative Ethercreative Logs 3.0.0 Ethercreative Logs 3.0.1 Ethercreative Logs 3.0.2 Ethercreative Logs 3.0.3	8

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References