CVE-2021-32752

7.2 HIGH

📋 TL;DR

CVE-2021-32752 is an arbitrary file read vulnerability in the Ether Logs plugin for Craft CMS. Authenticated admin users can read any file on the server, potentially exposing sensitive configuration files, credentials, or other data. This affects Craft CMS installations running Ether Logs plugin versions prior to 3.0.4.

💻 Affected Systems

Products:
  • Ether Logs plugin for Craft CMS
Versions: All versions prior to 3.0.4
Operating Systems: All platforms running Craft CMS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin authentication in Craft CMS. The vulnerability exists in the plugin's file reading functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise through reading sensitive files such as configuration files containing database credentials, SSH keys, or other secrets, leading to lateral movement and data exfiltration.

🟠 Likely Case: Unauthorized access to sensitive files containing application secrets, user data, or system information that could be used for further attacks.

🟢 If Mitigated: Limited impact if proper access controls and file permissions are in place, though sensitive files may still be exposed.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials. The vulnerability is straightforward to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.4

Vendor Advisory: https://github.com/ethercreative/logs/security/advisories/GHSA-fp63-499m-hq6m

Restart Required: No

Instructions:

1. Update the Ether Logs plugin to version 3.0.4 or later via the Craft CMS plugin manager.
2. Verify the update completed successfully.
3. Test plugin functionality.

🔧 Temporary Workarounds

Disable Ether Logs plugin (applies to: all)

Temporarily disable the vulnerable plugin until patching is possible.

Navigate to Craft CMS admin panel > Settings > Plugins > Disable Ether Logs

🧯 If You Can't Patch

  • Restrict admin access to only trusted users
  • Implement strict file system permissions to limit readable files

🔍 How to Verify

Check if Vulnerable:

Check Craft CMS admin panel > Settings > Plugins for the Ether Logs version. If the version is below 3.0.4, the system is vulnerable.

Check Version:

Check via Craft CMS admin interface: Settings > Plugins > Ether Logs

Verify Fix Applied:

Confirm Ether Logs plugin version is 3.0.4 or higher in Craft CMS admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from admin users
  • Access to sensitive file paths in application logs

Network Indicators:

  • HTTP requests to Ether Logs endpoints with file path parameters

SIEM Query:

source="craft_cms_logs" AND ("logs/utilities" OR "ether/logs") AND (".." OR "/etc/" OR "/var/")
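The SIEM query above keys on two endpoint substrings and three path indicators. The following Python script is an added example, not part of this advisory page or of the Ether Logs project, showing the same detection logic applied to web-server access logs, with the extra step of URL-decoding the request target so that percent-encoded traversal sequences (which the plain string match in the query above would miss) are also caught. The endpoint markers ("logs/utilities", "ether/logs") and path indicators ("..", "/etc/", "/var/") are taken from the query on this page; the full URL shape and the `file` query parameter name are assumed placeholders, and the log lines are constructed samples in combined log format, not real traffic.

```python
from __future__ import annotations

import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint substrings and path indicators as used in the page's SIEM query.
PLUGIN_ENDPOINT_MARKERS = ("logs/utilities", "ether/logs")
PATH_INDICATORS = ("..", "/etc/", "/var/")

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic). The URL layout and the
# "file" parameter are assumed placeholders, not the plugin's documented API.
SAMPLE_LOG = """\
203.0.113.7 - admin [12/Jul/2021:10:15:02 +0000] "GET /admin/logs/utilities HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - admin [12/Jul/2021:10:15:40 +0000] "GET /admin/logs/utilities?file=../../../../etc/passwd HTTP/1.1" 200 1812 "-" "Mozilla/5.0"
203.0.113.7 - admin [12/Jul/2021:10:16:01 +0000] "GET /admin/ether/logs?file=%2e%2e%2f%2e%2e%2fconfig%2fdb.php HTTP/1.1" 200 911 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Jul/2021:10:17:13 +0000] "GET /index.php?p=about HTTP/1.1" 200 7734 "-" "curl/7.68"
"""


def decode_target(target: str) -> str:
    """URL-decode twice so single- and double-encoded sequences are normalised."""
    return unquote(unquote(target))


def is_suspicious(target: str) -> bool:
    """True if the request hits a plugin endpoint AND its query carries a path indicator."""
    decoded = decode_target(target)
    parts = urlsplit(decoded)
    if not any(marker in parts.path for marker in PLUGIN_ENDPOINT_MARKERS):
        return False
    return any(indicator in parts.query for indicator in PATH_INDICATORS)


def scan_log(text: str) -> list[dict]:
    """Return one record per suspicious request, with the decoded query parameters."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        target = m.group("target")
        if not is_suspicious(target):
            continue
        query = urlsplit(decode_target(target)).query
        hits.append({
            "ip": m.group("ip"),
            "user": m.group("user"),          # admin auth is required for this CVE
            "timestamp": m.group("ts"),
            "status": int(m.group("status")),  # 200 on a traversal request is the worrying case
            "target": target,
            "params": dict(parse_qsl(query, keep_blank_values=True)),
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['ip']} user={hit['user']} "
              f"status={hit['status']} params={hit['params']}")
```

Because exploitation requires an authenticated admin, the `user` field (or the Craft session user, if your access log carries it) is the pivot for triage: a hit from an account that does not normally use the log viewer, or outside its usual hours, is what the "unusual file access patterns from admin users" indicator above is pointing at. A 200 response on a request that carries a traversal sequence should be treated as a likely successful read until the plugin version is confirmed to be 3.0.4 or later.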

🔗 References
