logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak

Description

The Jetpack Carousel module allows users to create a "carousel" type image gallery and allows users to comment on the images.

A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.

Please refer to the Proof of Concept (PoC) of this vulnerability for further technical details.

Proof of Concept

By changing the "id" parameter of the POST request to a valid media attachment id on a page/post that was not public, it was possible to leak the non-public comments.

http://example.com/wp-admin/admin-ajax.php?action=get_attachment_comments&nonce=4aadefa6ee&id=28&offset=0

Affects Plugins

jetpack

Fixed in version 9.8

References

CVE

CVE-2021-24374

URL

https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/

URL

https://plugins.trac.wordpress.org/changeset/2541817/jetpack

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

Miscellaneous

Original Researcher

nguyenhg_vcs

Submitter

Jetpack Scan

Verified

Yes

WPVDB ID

08a8a51c-49d3-4bce-b7e0-e365af1d8f33

Timeline

Publicly Published

2021-06-03 (about 3 months ago)

Added

2021-06-03 (about 3 months ago)

Last Updated

2021-06-25 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin