CVE-2023-27577

MEDIUM EPSS 53.6%
Published Mar 10, 2023 (3y ago) · Modified Jun 17, 2026 (2w ago)
4.9 CVSS 3.1
Medium

Description

Flarum is a forum software package for building communities. In versions prior to 1.7.0, an attacker who has already compromised an admin account can exploit a vulnerability in the `LESS` parser to read sensitive files on the server through path traversal. The attacker does this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a Linux machine. Which files are exposed depends on the permissions given to the running Flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and by following other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.

CVSS Details

Base Score
4.9
Exploitability
1.2
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
53.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 1

Vendor  Product  Version  Range
flarum  flarum   *        <1.7.0

References 2

  • github.com https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444
    Patch
  • github.com https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw
    Vendor Advisory

Remediation

  • github.com https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444
    Patch