grafana 安全漏洞 (CVE-2021-4381)

admin

0
文章

0
评论

2023-11-29 23:10:34 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

grafana 安全漏洞 (CVE-2021-4381)

CVE编号

CVE-2021-4381

利用情况

暂无

补丁情况

N/A

披露时间

2023-06-07

漏洞描述

The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical...
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&...
https://www.wordfence.com/threat-intel/vulnerabilities/id/ff5755dc-2262-47f6-...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	stylemixthemes	ulisting	*		Up to (excluding) 1.7
	运行在以下环境
	系统	amazon_2023	python-lxml	*		Up to (excluding) 4.7.1-3.amzn2023.0.1
	运行在以下环境
	系统	amazon_AMI	python-lxml	*		Up to (excluding) 3.2.1-4.10.amzn1
	运行在以下环境
	系统	centos_7	tfm-rubygem-hammer_cli_foreman_tasks	*		Up to (excluding) 1.1.2-7.el7sat
	运行在以下环境
	系统	centos_8	rubygem-little-plugger	*		Up to (excluding) 1.0.2-5.1.el8sat
	运行在以下环境
	系统	fedora_34	mingw32-python3-lxml	*		Up to (excluding) 4.6.5-1.fc34
	运行在以下环境
	系统	fedora_35	mingw32-python3-lxml	*		Up to (excluding) 4.6.5-1.fc35
	运行在以下环境
	系统	fedora_36	containerd	*		Up to (excluding) 1.5.9-1.fc36
	运行在以下环境
	系统	opensuse_Leap_15.3	grafana	*		Up to (excluding) 4.3.16-150000.3.89.1
	运行在以下环境
	系统	opensuse_Leap_15.4	grafana	*		Up to (excluding) 4.3.16-150000.3.89.1
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 1.3.7-31.module+el8.5.0+20361+8a9d3d27
	运行在以下环境
	系统	redhat_7	tfm-rubygem-hammer_cli_foreman_tasks	*		Up to (excluding) 1.1.2-7.el7sat
	运行在以下环境
	系统	redhat_8	rubygem-little-plugger	*		Up to (excluding) 1.0.2-5.1.el8sat
	运行在以下环境
	系统	suse_12_SP5	python-lxml	*		Up to (excluding) 1.3.0-1.15.3