Can you explain this vulnerability to me?

This vulnerability exists in Statamic, a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users were able to create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This allowed them to bypass the authorization checks that are normally enforced on the standard taxonomy term creation endpoint.

The issue was fixed in versions 5.73.14 and 6.7.0.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability allows low-privileged users to bypass authorization controls and create taxonomy terms that they should not be able to create. This could lead to unauthorized modification or addition of content taxonomy within the CMS.

While the CVSS score indicates no impact on confidentiality or availability, there is a low impact on integrity, meaning that unauthorized changes to data could occur.

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade Statamic to version 5.73.14 or later, or version 6.7.0 or later, where the issue has been fixed.

Useful 0 Not Useful 0