URL: https://github.com/advisories/GHSA-q37h-jhf3-85cj

Bypass of CMS Safe Mode Security Feature · GHSA-q37h-jhf3-85cj · GitHub Advisory Database · GitHub


Bypass of CMS Safe Mode Security Feature

Moderate severity GitHub Reviewed Published in wintercms/winter • Updated

Package

wintercms/winter (Composer)

Affected versions

< 1.0.475
>= 1.1.0, < 1.1.9

Patched versions

1.0.475
1.1.9

Description

Impact

Authenticated users with permissions to create or modify theme template objects through the backend "CMS" editor can exploit this vulnerability to bypass the cms.enableSafeMode security feature, if it is enabled (Safe Mode, when enabled, disables modification of PHP code through the web interface).

This is only an issue for Winter CMS instances that rely on the Safe Mode security feature to prevent privileged users from modifying the PHP code of CMS theme template objects through the web interface.

CVSS v3.1 Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Patches

The issue has been fixed in v1.0.475, v1.1.9, and v1.2.

Workarounds

Apply wintercms/storm@ manually if unable to upgrade to v1.0.475, v1.1.9, or v1.2.0.

References

See GHSA-79jw-2f46-wv22.

Credit to David Miller for reporting the issue.

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-q37h-jhf3-85cj
