Statamic
CVE-2022-24784
LOW
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response, however the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above.
AnalysisAI
Statamic is a Laravel and Git powered CMS. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response, however the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above. Affected products include: Statamic.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Statmic is a core Laravel content management system Composer package. Rated critical severity (CVSS 9.8), this vulnerabi
Statamic is a flat-first, Laravel and Git powered content management system. Rated medium severity (CVSS 5.4), this vuln
Password reset poisoning in Statamic CMS before 6.3.3/5.73.10 allows attackers to steal password reset tokens by manipul
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class ar
Authenticated Statamic CMS users (versions 6.0.0-6.3.x) can bypass privilege escalation verification checks to gain unau
Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. Rated high severity (CVSS 8.8), this
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request. Rated medium seve
Statmatic is a Laravel and Git powered content management system (CMS). [CVSS 8.7 HIGH]
Authenticated users with content creation permissions in Statamic CMS versions 6.0.0 through 6.2.2 can inject persistent
Versions 5.73.8 and below in addition to 6.0.0-alpha.1 versions up to 6.3.1 is affected by cross-site scripting (xss) (C
Remote code execution in Statmatic CMS versions prior to 5.73.11 and 6.4.0 allows authenticated users with control panel
Statmatic is a Laravel and Git powered content management system (CMS). [CVSS 6.8 MEDIUM]
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today