PT-2021-19905 · Unknown · Ether Logs

Published

2021-07-09

Updated

2021-07-22

CVE-2021-32752

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ether Logs versions prior to 3.0.4

Description A vulnerability was found in Ether Logs that allowed authenticated admin users to access any file on the server. The issue has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.

Recommendations For versions prior to 3.0.4, update to version 3.0.4 to resolve the issue. As a temporary workaround, consider disabling the plugin if untrustworthy sources have admin access.

Fix

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552

Related Identifiers

CVE-2021-32752

GHSA-FP63-499M-HQ6M

Affected Products

Ether Logs

PT-2021-19905 · Unknown · Ether Logs

CVE-2021-32752

Weakness Enumeration

Related Identifiers

Affected Products

References · 8