CVE-2024-4874 - Vulnerability Details - OpenCVE

ReportizFlow

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify posts and pages created by other users including admins. As a requirement for this, an admin would have to enable access to the editor specifically for such a user or enable it for all users with a certain user account type.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bricksbuilder	Bricks

Configuration 1 [-]

cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://bricksbuilder.io/release/bricks-1-9-9/#access-control-fix-for-user-role-contributor
https://www.wordfence.com/threat-intel/vulnerabilities/id/6d63e898-43e5-42b5-96b6-1453352e0cae?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-22T04:32:03.446Z

Updated: 2024-08-01T20:55:10.223Z

Reserved: 2024-05-14T15:31:20.411Z

Link: CVE-2024-4874

Vulnrichment

Updated: 2024-08-01T20:55:10.223Z

NVD

Status : Modified

Published: 2024-06-22T05:15:11.837

Modified: 2024-11-21T09:43:46.323

Link: CVE-2024-4874

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4874", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-05-14T15:31:20.411Z", "datePublished": "2024-06-22T04:32:03.446Z", "dateUpdated": "2024-08-01T20:55:10.223Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-22T04:32:03.446Z"}, "affected": [{"vendor": "BricksBuilder", "product": "Bricks Builder", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.9.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify posts and pages created by other users including admins. As a requirement for this, an admin would have to enable access to the editor specifically for such a user or enable it for all users with a certain user account type."}], "title": "Bricks Builder <= 1.9.8 - Insecure Direct Object Reference", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d63e898-43e5-42b5-96b6-1453352e0cae?source=cve"}, {"url": "https://bricksbuilder.io/release/bricks-1-9-9/#access-control-fix-for-user-role-contributor"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "timeline": [{"time": "2024-06-21T15:59:39.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-22T16:28:44.210085Z", "id": "CVE-2024-4874", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-22T16:28:59.520Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.223Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d63e898-43e5-42b5-96b6-1453352e0cae?source=cve", "tags": ["x_transferred"]}, {"url": "https://bricksbuilder.io/release/bricks-1-9-9/#access-control-fix-for-user-role-contributor", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d63e898-43e5-42b5-96b6-1453352e0cae?source=cve", "tags": ["x_transferred"]}, {"url": "https://bricksbuilder.io/release/bricks-1-9-9/#access-control-fix-for-user-role-contributor", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.223Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4874", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-22T16:28:44.210085Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-22T16:28:53.856Z"}}], "cna": {"title": "Bricks Builder <= 1.9.8 - Insecure Direct Object Reference", "credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "BricksBuilder", "product": "Bricks Builder", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.9.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-21T15:59:39.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d63e898-43e5-42b5-96b6-1453352e0cae?source=cve"}, {"url": "https://bricksbuilder.io/release/bricks-1-9-9/#access-control-fix-for-user-role-contributor"}], "descriptions": [{"lang": "en", "value": "The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify posts and pages created by other users including admins. As a requirement for this, an admin would have to enable access to the editor specifically for such a user or enable it for all users with a certain user account type."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-22T04:32:03.446Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4874", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:55:10.223Z", "dateReserved": "2024-05-14T15:31:20.411Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-06-22T04:32:03.446Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "07E03076-E07E-4943-A79F-E3FD5CE283E0", "versionEndExcluding": "1.9.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify posts and pages created by other users including admins. As a requirement for this, an admin would have to enable access to the editor specifically for such a user or enable it for all users with a certain user account type."}, {"lang": "es", "value": "El complemento Bricks Builder para WordPress es vulnerable a Insecure Direct Object Reference en todas las versiones hasta la 1.9.8 incluida a trav\u00e9s del par\u00e1metro postId debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, modifiquen publicaciones y p\u00e1ginas creadas por otros usuarios, incluidos los administradores. Como requisito para esto, un administrador tendr\u00eda que habilitar el acceso al editor espec\u00edficamente para dicho usuario o habilitarlo para todos los usuarios con un determinado tipo de cuenta de usuario."}], "id": "CVE-2024-4874", "lastModified": "2024-11-21T09:43:46.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-06-22T05:15:11.837", "references": [{"source": "[email protected]", "tags": ["Release Notes"], "url": "https://bricksbuilder.io/release/bricks-1-9-9/#access-control-fix-for-user-role-contributor"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d63e898-43e5-42b5-96b6-1453352e0cae?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://bricksbuilder.io/release/bricks-1-9-9/#access-control-fix-for-user-role-contributor"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d63e898-43e5-42b5-96b6-1453352e0cae?source=cve"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "[email protected]", "type": "Primary"}]}