cnvd - cnvd-2024-22864

CNVD-2024-22864

Vulnerability from cnvd - Published: 2024-05-16

Title

MyBB服务器请求伪造漏洞

Description

MyBB（MyBulletinBoard）是MYBB团队的开发的一套用PHP和MySQL开发的免费且基于Web的论坛软件。该软件具有简单易用、支持多国语言、可扩展等特点。 MyBB 1.8.38之前版本存在服务器请求伪造漏洞，该漏洞源于产品未能正确验证用户输入，攻击者可利用该漏洞探测服务器内网资源。

Severity

中

Patch Name

MyBB服务器请求伪造漏洞的补丁

Patch Description

MyBB（MyBulletinBoard）是MYBB团队的开发的一套用PHP和MySQL开发的免费且基于Web的论坛软件。该软件具有简单易用、支持多国语言、可扩展等特点。 MyBB 1.8.38之前版本存在服务器请求伪造漏洞，该漏洞源于产品未能正确验证用户输入，攻击者可利用该漏洞探测服务器内网资源。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630

Reference

https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h

Impacted products

Name
Mybb MyBB <1.8.38

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-23336",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-23336"
    }
  },
  "description": "MyBB\uff08MyBulletinBoard\uff09\u662fMYBB\u56e2\u961f\u7684\u5f00\u53d1\u7684\u4e00\u5957\u7528PHP\u548cMySQL\u5f00\u53d1\u7684\u514d\u8d39\u4e14\u57fa\u4e8eWeb\u7684\u8bba\u575b\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u7b80\u5355\u6613\u7528\u3001\u652f\u6301\u591a\u56fd\u8bed\u8a00\u3001\u53ef\u6269\u5c55\u7b49\u7279\u70b9\u3002\n\nMyBB 1.8.38\u4e4b\u524d\u7248\u672c\u5b58\u5728\u670d\u52a1\u5668\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a2\u6d4b\u670d\u52a1\u5668\u5185\u7f51\u8d44\u6e90\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-22864",
  "openTime": "2024-05-16",
  "patchDescription": "MyBB\uff08MyBulletinBoard\uff09\u662fMYBB\u56e2\u961f\u7684\u5f00\u53d1\u7684\u4e00\u5957\u7528PHP\u548cMySQL\u5f00\u53d1\u7684\u514d\u8d39\u4e14\u57fa\u4e8eWeb\u7684\u8bba\u575b\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u7b80\u5355\u6613\u7528\u3001\u652f\u6301\u591a\u56fd\u8bed\u8a00\u3001\u53ef\u6269\u5c55\u7b49\u7279\u70b9\u3002\r\n\r\nMyBB 1.8.38\u4e4b\u524d\u7248\u672c\u5b58\u5728\u670d\u52a1\u5668\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a2\u6d4b\u670d\u52a1\u5668\u5185\u7f51\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "MyBB\u670d\u52a1\u5668\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mybb MyBB \u003c1.8.38"
  },
  "referenceLink": "https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h",
  "serverity": "\u4e2d",
  "submitTime": "2024-05-14",
  "title": "MyBB\u670d\u52a1\u5668\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2024-23336 (GCVE-0-2024-23336)

Vulnerability from cvelistv5 – Published: 2024-05-01 06:27 – Updated: 2024-08-01 22:59

Title

Incomplete disallowed remote addresses list in MyBB

Summary

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's _Disallowed Remote Addresses_ list (`$config['disallowed_remote_addresses']`) contains the address `127.0.0.1`, but does not include the complete block `127.0.0.0/8`. MyBB 1.8.38 resolves this issue in default installations. Administrators of installed boards should update the existing configuration (`inc/config.php`) to include all addresses blocked by default. Additionally, users are advised to verify that it includes any other IPv4 addresses resolving to the server and other internal resources. Users unable to upgrade may manually add 127.0.0.0/8' to their disallowed address list.

Severity ?

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-918 - Server-Side Request Forgery (SSRF)
CWE-184 - Incomplete List of Disallowed Inputs

Assigner

GitHub_M

References

URL

Tags

	https://github.com/mybb/mybb/security/advisories/…	x_refsource_CONFIRM
	https://github.com/mybb/mybb/commit/d6a96019025de…	x_refsource_MISC
	https://docs.mybb.com/1.8/administration/configur…	x_refsource_MISC
	https://mybb.com/versions/1.8.38	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	mybb	mybb	Affected: < 1.8.38

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mybb",
            "vendor": "mybb",
            "versions": [
              {
                "lessThan": "1.8.38",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23336",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T13:48:54.371730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T14:06:34.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h"
          },
          {
            "name": "https://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630"
          },
          {
            "name": "https://docs.mybb.com/1.8/administration/configuration-file",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.mybb.com/1.8/administration/configuration-file"
          },
          {
            "name": "https://mybb.com/versions/1.8.38",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mybb.com/versions/1.8.38"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mybb",
          "vendor": "mybb",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.8.38"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File\u0027s _Disallowed Remote Addresses_ list (`$config[\u0027disallowed_remote_addresses\u0027]`) contains the address `127.0.0.1`, but does not include the complete block `127.0.0.0/8`. MyBB 1.8.38 resolves this issue in default installations. Administrators of installed boards should update the existing configuration (`inc/config.php`) to include all addresses blocked by default. Additionally, users are advised to verify that it includes any other IPv4 addresses resolving to the server and other internal resources. Users unable to upgrade may manually add 127.0.0.0/8\u0027 to their disallowed address list."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-184",
              "description": "CWE-184: Incomplete List of Disallowed Inputs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T06:27:37.987Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h"
        },
        {
          "name": "https://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mybb/mybb/commit/d6a96019025de9149014e06b1df252e6122e5630"
        },
        {
          "name": "https://docs.mybb.com/1.8/administration/configuration-file",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.mybb.com/1.8/administration/configuration-file"
        },
        {
          "name": "https://mybb.com/versions/1.8.38",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mybb.com/versions/1.8.38"
        }
      ],
      "source": {
        "advisory": "GHSA-qfrj-65mv-h75h",
        "discovery": "UNKNOWN"
      },
      "title": "Incomplete disallowed remote addresses list in MyBB"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-23336",
    "datePublished": "2024-05-01T06:27:37.987Z",
    "dateReserved": "2024-01-15T15:19:19.443Z",
    "dateUpdated": "2024-08-01T22:59:32.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-22864

CVE-2024-23336 (GCVE-0-2024-23336)

Tags

Sightings

Nomenclature