CVE-2024-31244 - Vulnerability Details - OpenCVE

Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Bricksforge	Bricksforge

Configuration 1 [-]

cpe:2.3:a:bricksforge:bricksforge:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve

History

Tue, 05 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Bricksforge Bricksforge bricksforge
CPEs		cpe:2.3:a:bricksforge:bricksforge::::::wordpress::*
Vendors & Products		Bricksforge Bricksforge bricksforge

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-09T11:08:15.489Z

Updated: 2024-08-02T01:46:04.969Z

Reserved: 2024-03-29T16:01:52.602Z

Link: CVE-2024-31244

Vulnrichment

Updated: 2024-06-10T15:08:05.904Z

NVD

Status : Modified

Published: 2024-06-09T12:15:09.570

Modified: 2024-11-21T09:13:06.850

Link: CVE-2024-31244

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31244", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-29T16:01:52.602Z", "datePublished": "2024-06-09T11:08:15.489Z", "dateUpdated": "2024-08-02T01:46:04.969Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Bricksforge", "vendor": "Bricksforge", "versions": [{"changes": [{"at": "2.1.1", "status": "unaffected"}], "lessThanOrEqual": "2.0.17", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dave Jong (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Bricksforge.<p>This issue affects Bricksforge: from n/a through 2.0.17.</p>"}], "value": "Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-09T11:08:15.489Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 2.1.1 or a higher version."}], "value": "Update to 2.1.1 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Settings Change vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-10T15:07:54.302186Z", "id": "CVE-2024-31244", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T15:08:21.803Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:46:04.969Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31244", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-29T16:01:52.602Z", "datePublished": "2024-06-09T11:08:15.489Z", "dateUpdated": "2024-06-10T15:08:21.803Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Bricksforge", "vendor": "Bricksforge", "versions": [{"changes": [{"at": "2.1.1", "status": "unaffected"}], "lessThanOrEqual": "2.0.17", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dave Jong (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Bricksforge.<p>This issue affects Bricksforge: from n/a through 2.0.17.</p>"}], "value": "Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-09T11:08:15.489Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 2.1.1 or a higher version."}], "value": "Update to 2.1.1 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Settings Change vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31244", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-10T15:07:54.302186Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T15:08:05.904Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bricksforge:bricksforge:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F9E35B69-7946-4E88-ABA1-1232633E1CB3", "versionEndExcluding": "2.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Bricksforge. Este problema afecta a Bricksforge: desde n/a hasta 2.0.17."}], "id": "CVE-2024-31244", "lastModified": "2024-11-21T09:13:06.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-09T12:15:09.570", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}