PT-2026-25817 · Craft Cms+1
Neosprings · Published 2026-03-16 · Updated 2026-03-18 · CVE-2026-32265
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Amazon S3 for Craft CMS versions 2.0.2 through 2.2.4
Description
The Amazon S3 for Craft CMS plugin integrates Amazon S3 with Craft CMS. In versions 2.0.2 through 2.2.4, the BucketsController->actionLoadBucketData() endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is permitted to access.
Recommendations
Update the plugin to version 2.2.5.
Information Disclosure
Affected Products
Amazon S3 for Craft CMS
Craft CMS