CVE-2021-24227

{"id": "CVE-2021-24227", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-04-12T14:15:15.977", "references": [{"url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016", "tags": ["Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies."}, {"lang": "es", "value": "El equipo de Jetpack Scan identific\u00f3 una vulnerabilidad de Divulgaci\u00f3n de Archivos Locales en el plugin Patreon WordPress versiones anteriores a 1.7.0, que podr\u00eda ser abusado por cualquiera que visite el sitio. Con este vector de ataque, un atacante podr\u00eda filtrar archivos internos importantes como wp-config.php, que contiene credenciales de base de datos y claves criptogr\u00e1ficas utilizadas en la generaci\u00f3n de nonces y cookies"}], "lastModified": "2021-04-14T15:47:11.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:patreon:patreon_wordpress:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "81276AAA-507E-4A2E-91C2-FA7A017066D9", "versionEndExcluding": "1.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}