8.7 HIGH
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): High (H)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): None (N)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): High (H)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): None (N)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
Grav API Plugin - Cross-Origin Admin Account Takeover via CORS Wildcard and JWT Query Parameter
Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: *, allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token from access logs, proxy logs, browser history, or Referrer headers can create persistent backdoor super-admin accounts and exfiltrate sensitive configuration and user data.
References
Affected products
- =<1.0.0-rc.15
Matching in nixpkgs
pkgs.grav
Fast, simple, and flexible, file-based web platform
pkgs.gravit
Beautiful OpenGL-based gravity simulator
pkgs.antigravity
Agentic development platform, evolving the IDE into the agent-first era
pkgs.antigravity-cli
Google's Go-based terminal user interface (TUI) agent client
pkgs.antigravity-fhs
Wrapped variant of antigravity which launches in a FHS compatible environment, should allow for easy usage of extensions without nix-specific modifications
pkgs.stardust-xr-gravity
Utility to launch apps and stardust clients at an offet
-
nixos-unstable 0-unstable-2024-12-29
- nixpkgs-unstable 0-unstable-2024-12-29
- nixos-unstable-small 0-unstable-2024-12-29
-
nixos-26.05 0-unstable-2024-12-29
- nixos-26.05-small 0-unstable-2024-12-29
- nixpkgs-26.05-darwin 0-unstable-2024-12-29
pkgs.kdePackages.libgravatar
Library that provides Gravatar support
pkgs.gnomeExtensions.gravatar
Synchronize GNOME Shell user icon with an avatar service, one of Gravatar or Libravatar.
pkgs.haskellPackages.gravatar
Generate Gravatar image URLs
pkgs.python313Packages.libgravatar
Library that provides a Python 3 interface for the Gravatar API
pkgs.python314Packages.libgravatar
Library that provides a Python 3 interface for the Gravatar API
pkgs.python313Packages.flask-gravatar
Small and simple integration of gravatar into flask
pkgs.python314Packages.flask-gravatar
Small and simple integration of gravatar into flask
pkgs.python313Packages.django-gravatar2
Essential Gravatar support for Django
pkgs.python314Packages.django-gravatar2
Essential Gravatar support for Django
pkgs.perlPackages.MojoliciousPluginGravatar
Globally Recognized Avatars for Mojolicious
Package maintainers
-
@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
-
@Zaczero Kamil Monicz <kamil@monicz.dev>
-
@u3kkasha Fida Waseque Choudhury <fida.waseque@gmail.com>
-
@AdrielVelazquez Adriel Velazquez <AdrielVelazquez@gmail.com>
-
@honnip Jung seungwoo <me@honnip.page>
-
@rycee Robert Helgesson <robert@rycee.net>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@K900 Ilya K. <me@0upti.me>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@bkchr Bastian Köcher <nixos@kchr.de>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@stigtsp Stig Palmquist <stig@stig.io>
-
@gador Florian Brandes <florian.brandes@posteo.de>
-
@Pandapip1 Gavin John <gavinnjohn@gmail.com>
-
@technobaboo Nova King