CVE-2024-47528

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be
https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf

Configurations

No configuration.

History

02 Oct 2024, 13:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4
Summary		(es) LibreNMS es un sistema de monitoreo de red de código abierto basado en PHP/MySQL/SNMP. Se puede lograr el Cross-Site Scripting (XSS) Almacenado cargando un nuevo fondo para un mapa personalizado. Los usuarios con rol de "administrador" pueden configurar el fondo para un mapa personalizado, lo que permite cargar un archivo SVG que puede contener un payload XSS que se activará al cargar. Esto llevó a la creación de Cross-Site Scripting (XSS) almacenado. La vulnerabilidad se solucionó en 24.9.0.

01 Oct 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-01 21:15

Updated : 2024-10-04 13:50

NVD link : CVE-2024-47528

Mitre link : CVE-2024-47528

CVE.ORG link : CVE-2024-47528

JSON object : View

Products Affected

No product.

CWE

CWE-116

Improper Encoding or Escaping of Output

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-47528", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.1, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-01T21:15:08.273", "references": [{"url": "https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be", "source": "security-advisories@github.com"}, {"url": "https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-116"}, {"lang": "en", "value": "CWE-434"}, {"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with \"admin\" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0."}, {"lang": "es", "value": "LibreNMS es un sistema de monitoreo de red de c\u00f3digo abierto basado en PHP/MySQL/SNMP. Se puede lograr el Cross-Site Scripting (XSS) Almacenado cargando un nuevo fondo para un mapa personalizado. Los usuarios con rol de \"administrador\" pueden configurar el fondo para un mapa personalizado, lo que permite cargar un archivo SVG que puede contener un payload XSS que se activar\u00e1 al cargar. Esto llev\u00f3 a la creaci\u00f3n de Cross-Site Scripting (XSS) almacenado. La vulnerabilidad se solucion\u00f3 en 24.9.0."}], "lastModified": "2024-10-04T13:50:43.727", "sourceIdentifier": "security-advisories@github.com"}