ghsa-72m9-7c8x-pmmw
Vulnerability from github
Published
2024-04-22 18:37
Modified
2024-04-23 14:15
Severity ?
Summary
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
Details
Summary
There is improper sanitization on Service template name which is reflecting in delete button onclick event. This value can be modified and crafted as any other javascript code.
Vulnerable Code
https://github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23
Above is vulnerable code line which needs to be properly sanitized
PoC
- Go to /services/templates
- Enter name as
testing', '14', 'http://172.105.62.194:8000/services/templates/14');alert(1);// - Submit it and try to delete it, you will see popup
If you inspect element on delete button, you will notice this:-
Impact
Cross site scripting can lead to cookie stealing or an attacker can execute any other feature using this feature.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "librenms/librenms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "24.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-32479"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-22T18:37:27Z",
"nvd_published_at": "2024-04-22T22:15:08Z",
"severity": "HIGH"
},
"details": "### Summary\nThere is improper sanitization on Service template name which is reflecting in delete button onclick event. This value can be modified and crafted as any other javascript code.\n\n \n### Vulnerable Code\nhttps://github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23\n\nAbove is vulnerable code line which needs to be properly sanitized \n\n### PoC\n1. Go to /services/templates\n2. Enter name as `testing\u0027, \u002714\u0027, \u0027http://172.105.62.194:8000/services/templates/14\u0027);alert(1);//`\n3. Submit it and try to delete it, you will see popup\n\nIf you inspect element on delete button, you will notice this:-\n\u003cimg width=\"748\" alt=\"Screenshot 2023-11-23 at 9 30 24\u202fPM\" src=\"https://user-images.githubusercontent.com/31764504/285260018-7672a93d-e29b-4444-8057-e6ffcb8dabfc.png\"\u003e\n\n\n### Impact\nCross site scripting can lead to cookie stealing or an attacker can execute any other feature using this feature.\n",
"id": "GHSA-72m9-7c8x-pmmw",
"modified": "2024-04-23T14:15:21Z",
"published": "2024-04-22T18:37:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-72m9-7c8x-pmmw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32479"
},
{
"type": "WEB",
"url": "https://github.com/librenms/librenms/commit/19344f0584d4d6d4526fdf331adc60530e3f685b"
},
{
"type": "PACKAGE",
"url": "https://github.com/librenms/librenms"
},
{
"type": "WEB",
"url": "https://github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.