FKIE_CVE-2022-4068

Vulnerability from fkie_nvd - Published: 2022-11-20 05:15 - Updated: 2024-11-21 07:34
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.
References
security@huntr.devhttps://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1Patch, Third Party Advisory
security@huntr.devhttps://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdcExploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdcExploit, Patch, Third Party Advisory
Impacted products
Vendor Product Version
librenms librenms *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99D1C2AF-9BBB-4F7D-9FC3-4A645F7C284D",
              "versionEndExcluding": "22.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin\u0027s account."
    },
    {
      "lang": "es",
      "value": "Un usuario puede habilitar su propia cuenta si un administrador la deshabilit\u00f3 mientras el usuario a\u00fan tiene una sesi\u00f3n v\u00e1lida. Adem\u00e1s, el nombre de usuario no se sanitiza adecuadamente en la descripci\u00f3n general del usuario administrador. Esto habilita un ataque XSS que permite a un atacante con un usuario con privilegios bajos ejecutar JavaScript arbitrario en el contexto de la cuenta de un administrador."
    }
  ],
  "id": "CVE-2022-4068",
  "lastModified": "2024-11-21T07:34:32.860",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.5,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-20T05:15:12.183",
  "references": [
    {
      "source": "security@huntr.dev",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-915"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.