Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for logs by ethercreative
CVE-2022-23409 (GCVE-0-2022-23409)
Vulnerability from nvd – Published: 2022-01-31 07:04 – Updated: 2024-08-03 03:43
VLAI
EPSS
VEX
Summary
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://sec-consult.com/vulnerability-lab/ | x_refsource_MISC |
| https://plugins.craftcms.com/logs | x_refsource_MISC |
| http://packetstormsecurity.com/files/165706/Ether… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:45.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.craftcms.com/logs"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165706/Ethercreative-Logs-3.0.3-Path-Traversal.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-31T07:04:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.craftcms.com/logs"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165706/Ethercreative-Logs-3.0.3-Path-Traversal.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/vulnerability-lab/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/"
},
{
"name": "https://plugins.craftcms.com/logs",
"refsource": "MISC",
"url": "https://plugins.craftcms.com/logs"
},
{
"name": "http://packetstormsecurity.com/files/165706/Ethercreative-Logs-3.0.3-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165706/Ethercreative-Logs-3.0.3-Path-Traversal.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23409",
"datePublished": "2022-01-31T07:04:50.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:43:45.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32752 (GCVE-0-2021-32752)
Vulnerability from nvd – Published: 2021-07-09 14:05 – Updated: 2024-08-03 23:33
VLAI
EPSS
VEX
Title
Files or Directories Accessible to External Parties in ether/logs
Summary
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.
Severity
7.2 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ethercreative/logs/security/ad… | x_refsource_CONFIRM |
| https://github.com/ethercreative/logs/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ethercreative | logs |
Affected:
< 3.0.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ethercreative/logs/releases/tag/3.0.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "logs",
"vendor": "ethercreative",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ether Logs is a package that allows one to check one\u0027s logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T14:05:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ethercreative/logs/releases/tag/3.0.4"
}
],
"source": {
"advisory": "GHSA-fp63-499m-hq6m",
"discovery": "UNKNOWN"
},
"title": "Files or Directories Accessible to External Parties in ether/logs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32752",
"STATE": "PUBLIC",
"TITLE": "Files or Directories Accessible to External Parties in ether/logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "logs",
"version": {
"version_data": [
{
"version_value": "\u003c 3.0.4"
}
]
}
}
]
},
"vendor_name": "ethercreative"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ether Logs is a package that allows one to check one\u0027s logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552: Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m",
"refsource": "CONFIRM",
"url": "https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m"
},
{
"name": "https://github.com/ethercreative/logs/releases/tag/3.0.4",
"refsource": "MISC",
"url": "https://github.com/ethercreative/logs/releases/tag/3.0.4"
}
]
},
"source": {
"advisory": "GHSA-fp63-499m-hq6m",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32752",
"datePublished": "2021-07-09T14:05:11.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:55.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23409 (GCVE-0-2022-23409)
Vulnerability from cvelistv5 – Published: 2022-01-31 07:04 – Updated: 2024-08-03 03:43
VLAI
EPSS
VEX
Summary
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://sec-consult.com/vulnerability-lab/ | x_refsource_MISC |
| https://plugins.craftcms.com/logs | x_refsource_MISC |
| http://packetstormsecurity.com/files/165706/Ether… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:45.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.craftcms.com/logs"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165706/Ethercreative-Logs-3.0.3-Path-Traversal.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-31T07:04:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/vulnerability-lab/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.craftcms.com/logs"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165706/Ethercreative-Logs-3.0.3-Path-Traversal.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/vulnerability-lab/",
"refsource": "MISC",
"url": "https://sec-consult.com/vulnerability-lab/"
},
{
"name": "https://plugins.craftcms.com/logs",
"refsource": "MISC",
"url": "https://plugins.craftcms.com/logs"
},
{
"name": "http://packetstormsecurity.com/files/165706/Ethercreative-Logs-3.0.3-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165706/Ethercreative-Logs-3.0.3-Path-Traversal.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23409",
"datePublished": "2022-01-31T07:04:50.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:43:45.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32752 (GCVE-0-2021-32752)
Vulnerability from cvelistv5 – Published: 2021-07-09 14:05 – Updated: 2024-08-03 23:33
VLAI
EPSS
VEX
Title
Files or Directories Accessible to External Parties in ether/logs
Summary
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.
Severity
7.2 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ethercreative/logs/security/ad… | x_refsource_CONFIRM |
| https://github.com/ethercreative/logs/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ethercreative | logs |
Affected:
< 3.0.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ethercreative/logs/releases/tag/3.0.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "logs",
"vendor": "ethercreative",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ether Logs is a package that allows one to check one\u0027s logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T14:05:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ethercreative/logs/releases/tag/3.0.4"
}
],
"source": {
"advisory": "GHSA-fp63-499m-hq6m",
"discovery": "UNKNOWN"
},
"title": "Files or Directories Accessible to External Parties in ether/logs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32752",
"STATE": "PUBLIC",
"TITLE": "Files or Directories Accessible to External Parties in ether/logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "logs",
"version": {
"version_data": [
{
"version_value": "\u003c 3.0.4"
}
]
}
}
]
},
"vendor_name": "ethercreative"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ether Logs is a package that allows one to check one\u0027s logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552: Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m",
"refsource": "CONFIRM",
"url": "https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m"
},
{
"name": "https://github.com/ethercreative/logs/releases/tag/3.0.4",
"refsource": "MISC",
"url": "https://github.com/ethercreative/logs/releases/tag/3.0.4"
}
]
},
"source": {
"advisory": "GHSA-fp63-499m-hq6m",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32752",
"datePublished": "2021-07-09T14:05:11.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:55.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}