Authenticated Admin Users Able to Access Any File on Server in Ether Logs Plugin (Versions Prior to 3.0.4)

CVE-2021-32752 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.
