CVE-2021-32752: Files or Directories Accessible to External Parties

July 12, 2021

Ether Logs is a package that allows one to check one’s logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.

References

github.com/advisories/GHSA-fp63-499m-hq6m
github.com/ethercreative/logs/commit/eb225cc78b1123a10ce2784790f232d71c2066c4
github.com/ethercreative/logs/releases/tag/3.0.4
github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m
nvd.nist.gov/vuln/detail/CVE-2021-32752

Detect and mitigate CVE-2021-32752 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →