[Japanese]

JVNDB-2024-000109

baserCMS plugin "BurgerEditor" vulnerable to directory listing

Overview

baserCMS plugin "BurgerEditor" provided by D-ZERO CO.,LTD. contains a directory listing vulnerability (CWE-548, CVE-2024-44807).
If accessing a URL of the web site using the plugin that has a specific string added to the end, a list of uploaded files may be obtained.
In addition, the uploaded file itself may be obtained through the list information.

Koh You Liang of SOMPO Holdings and Orel Gispan of Sompo Digital Lab Tel Aviv reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


D-ZERO CO.,LTD.
  • BurgerEditor (v2) versions prior to v2.25.1
  • BurgerEditor Limited Edition versions prior to v2.25.1

Note that "BurgerEditor" for baserCMS 5 series is not affected the vulnerability.
Impact

A list of uploaded files and/or files may be obtained without authentication on the web site that uses the plugin.
Solution

[Update the plugin]
Update the plugin according to the information provided by the developer.
The developer has released the following versions that address the vulnerability.
  • BurgerEditor (v2) v2.25.1
  • BurgerEditor Limited Edition v2.25.1
Vendor Information

D-ZERO CO.,LTD.
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2024-44807
References

  1. JVN : JVN#54676967
Revision History

  • [2024/10/10]
      Web page was published
  • [2024/11/06]
      Overview was modified

Date Public2024/10/10
Date First Published2024/10/10
Date Last Updated2024/11/06