Advisories for Composer/Ether/Logs package

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fp63-499m-hq6m. This link is maintained to preserve external references. Original Description The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php.

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.