First published: Thu Dec 02 2021
Installations where crafter-search is not protected allow unauthenticated remote attackers to create, view, and delete search indexes.
Credit: security@craftersoftware.com
Affected Software | Affected Version | How to fix |
---|---|---|
Craftercms Crafter Cms | >=3.1.0 <3.1.15 | |
The severity of CVE-2021-23264 is critical with a CVSS score of 9.1.
The software affected by CVE-2021-23264 is Crafter CMS versions 3.1.0 to 3.1.15.
Unauthenticated remote attackers can create, view, and delete search indexes on installations where crafter-search is not protected.
To protect your installation, make sure to protect crafter-search and implement authentication for remote access.
For more information on CVE-2021-23264, refer to the official advisory: https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120107