CVE-2021-23264

Summary

Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.

Affected Software

VendorProductVersion RangeStatus
Crafter SoftwareCrafter CMS3.1 < 3.1.15affected

Weaknesses

  • CWE-402: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
  • CWE-668: CWE-668 Exposure of Resource to Wrong Sphere

Workarounds

Disable remote access to crafter-search.

ADP Enrichment

CVE Program Container

Additional References

References