PT-2024-25693 · Grav · Grav

Richighimi · Published 2024-05-15 · Updated 2025-01-02 · CVE-2024-34082

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.46

Description: A low-privileged user account with page edit privileges can read any file on the server using Twig syntax, including the Grav user account files /grav/user/accounts/*.yaml, which store each user's hashed password, 2FA secret, and password reset token. An adversary can compromise any registered account either by triggering a password reset for the target user and reading the resulting reset token from the file, or by cracking the hashed password. A low-privileged user can therefore perform a full account takeover of other registered users, including Administrators.

Recommendations: For versions prior to 1.7.46, update to version 1.7.46 to resolve the issue. As a temporary workaround, consider restricting the use of Twig syntax for low-privileged users until the patch is applied. Restrict access to the /grav/user/accounts/*.yaml files to minimize the risk of exploitation. Avoid using the read file function in Twig templates until the issue is resolved.

Weakness Enumeration

Path traversal
Improper Privilege Management

Related Identifiers

CVE-2024-34082
GHSA-F8V5-JMFH-PR69

Affected Products

Grav