Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xMzdoLWpoZjMtODVjas4AAtaC
Bypass of CMS Safe Mode Security Feature
Impact
Authenticated users with permissions to create or modify theme template objects through the backend "CMS" editor can exploit this vulnerability to bypass the cms.enableSafeMode security feature if enabled (disables modification of PHP code through the web interface when enabled).
This is only an issue for Winter CMS instances that rely on the Safe Mode security feature to prevent privileged users from modifying the PHP code of CMS theme template objects through the web interface.
CVSS v3.1 Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Patches
Issue has been fixed in v1.0.475, v1.1.9, & v1.2.
Workarounds
Apply https://github.com/wintercms/storm/commit/03eb5ce3f2a271670574802b914f7bcaf07663c1 manually if unable to upgrade to v1.0.475, v1.1.9, or v1.2.0.
References
See https://github.com/octobercms/october/security/advisories/GHSA-79jw-2f46-wv22/.
Credit to David Miller for reporting the issue.
For more information
If you have any questions or comments about this advisory:
- Email us at [email protected]
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMzdoLWpoZjMtODVjas4AAtaC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-q37h-jhf3-85cj
References:
- https://github.com/wintercms/winter/security/advisories/GHSA-q37h-jhf3-85cj
- https://github.com/advisories/GHSA-q37h-jhf3-85cj
Blast Radius: 1.0
Affected Packages
packagist:wintercms/winter
Dependent packages: 0Dependent repositories: 0
Downloads: 28,574 total
Affected Version Ranges: >= 1.1.0, < 1.1.9, < 1.0.475
Fixed in: 1.1.9, 1.0.475
All affected versions: 1.0.319, 1.0.320, 1.0.321, 1.0.322, 1.0.323, 1.0.324, 1.0.325, 1.0.326, 1.0.327, 1.0.328, 1.0.329, 1.0.330, 1.0.331, 1.0.332, 1.0.333, 1.0.334, 1.0.335, 1.0.336, 1.0.337, 1.0.338, 1.0.339, 1.0.340, 1.0.341, 1.0.342, 1.0.343, 1.0.344, 1.0.345, 1.0.346, 1.0.347, 1.0.348, 1.0.349, 1.0.350, 1.0.351, 1.0.352, 1.0.353, 1.0.354, 1.0.355, 1.0.356, 1.0.357, 1.0.358, 1.0.359, 1.0.360, 1.0.361, 1.0.362, 1.0.363, 1.0.364, 1.0.365, 1.0.366, 1.0.367, 1.0.368, 1.0.369, 1.0.370, 1.0.371, 1.0.372, 1.0.373, 1.0.374, 1.0.375, 1.0.376, 1.0.377, 1.0.378, 1.0.379, 1.0.380, 1.0.381, 1.0.382, 1.0.383, 1.0.384, 1.0.385, 1.0.386, 1.0.387, 1.0.388, 1.0.389, 1.0.390, 1.0.391, 1.0.392, 1.0.393, 1.0.394, 1.0.395, 1.0.396, 1.0.397, 1.0.398, 1.0.399, 1.0.400, 1.0.401, 1.0.402, 1.0.403, 1.0.404, 1.0.405, 1.0.406, 1.0.407, 1.0.408, 1.0.409, 1.0.410, 1.0.411, 1.0.412, 1.0.413, 1.0.414, 1.0.415, 1.0.416, 1.0.417, 1.0.418, 1.0.419, 1.0.420, 1.0.421, 1.0.422, 1.0.423, 1.0.424, 1.0.425, 1.0.426, 1.0.427, 1.0.428, 1.0.429, 1.0.430, 1.0.431, 1.0.432, 1.0.433, 1.0.434, 1.0.435, 1.0.436, 1.0.437, 1.0.438, 1.0.439, 1.0.440, 1.0.441, 1.0.442, 1.0.443, 1.0.444, 1.0.445, 1.0.446, 1.0.447, 1.0.448, 1.0.449, 1.0.450, 1.0.451, 1.0.452, 1.0.453, 1.0.454, 1.0.455, 1.0.456, 1.0.457, 1.0.458, 1.0.459, 1.0.460, 1.0.461, 1.0.462, 1.0.463, 1.0.464, 1.0.465, 1.0.466, 1.0.467, 1.0.468, 1.0.469, 1.0.470, 1.0.471, 1.0.472, 1.0.473, 1.0.474, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8
All unaffected versions: 1.0.475, 1.1.9, 1.1.10, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6