GHSA-X4HH-VJM7-G2JV

Vulnerability from github – Published: 2023-09-20 22:51 – Updated: 2023-09-20 22:51
VLAI?
Summary
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
Details

Summary

Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days.

Details

The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash.

PoC

To reproduce this vulnerability, please follow these steps:

Start the Faktory Docker and limit memory usage to 512 megabytes for better demonstration:

$ docker run --rm -it -m 512m \
  -p 127.0.0.1:7419:7419 \
  -p 127.0.0.1:7420:7420 \
  contribsys/faktory:latest

Send the following request. The Faktory server will exit after a few seconds due to out of memory:

$ curl 'http://localhost:7420/?days=922337'

Impact

Server Availability: The vulnerability can crash the Faktory server, affecting its availability. Denial of Service Risk: Given that the Faktory web dashboard does not require authorization, any entity with internet access to the dashboard could potentially exploit this vulnerability. This unchecked access opens up the potential for a Denial of Service (DoS) attack, which could disrupt service availability without any conditional barriers to the attacker.

Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/contribsys/faktory"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-37279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770",
      "CWE-789"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-20T22:51:09Z",
    "nvd_published_at": "2023-09-20T22:15:13Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nFaktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`.\n\n### Details\nThe vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash.\n\n### PoC\nTo reproduce this vulnerability, please follow these steps:\n\nStart the Faktory Docker and limit memory usage to 512 megabytes for better demonstration:\n```\n$ docker run --rm -it -m 512m \\\n  -p 127.0.0.1:7419:7419 \\\n  -p 127.0.0.1:7420:7420 \\\n  contribsys/faktory:latest\n``` \n\nSend the following request. The Faktory server will exit after a few seconds due to out of memory:\n\n```\n$ curl \u0027http://localhost:7420/?days=922337\u0027\n```\n\n### Impact\n**Server Availability**: The vulnerability can crash the Faktory server, affecting its availability.\n**Denial of Service Risk**: Given that the Faktory web dashboard does not require authorization, any entity with internet access to the dashboard could potentially exploit this vulnerability. This unchecked access opens up the potential for a Denial of Service (DoS) attack, which could disrupt service availability without any conditional barriers to the attacker. \n",
  "id": "GHSA-x4hh-vjm7-g2jv",
  "modified": "2023-09-20T22:51:09Z",
  "published": "2023-09-20T22:51:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/contribsys/faktory/security/advisories/GHSA-x4hh-vjm7-g2jv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37279"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/contribsys/faktory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.