Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for February 01-02, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between February 01-02, 2024.
During this period, the National Vulnerability Database published 84 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 5
High: 13
Medium: 43
Low: 2
Severity Not Assigned: 21

Identifying and understanding these vulnerabilities is a pivotal step towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High severity vulnerabilities that demand immediate attention.

1. CVE-2024-21750
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5.

References: https://patchstack.com/database/vulnerability/shortcodes-finder/wordpress-shortcodes-finder-plugin-1-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-22148
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomUnited WP Smart Editor allows Reflected XSS. This issue affects WP Smart Editor: from n/a through 1.3.3.

References: https://patchstack.com/database/vulnerability/wp-smart-editor/wordpress-wp-smart-editor-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

3. CVE-2023-51540
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS. This issue affects Custom 404 Pro: from n/a through 3.10.0.

References: https://patchstack.com/database/vulnerability/custom-404-pro/wordpress-custom-404-pro-plugin-3-10-0-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

4. CVE-2023-51509
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.1.

References: https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

5. CVE-2023-6078
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution.
References: https://www.3ds.com/vulnerability/advisories

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-23832
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: Mastodon is a free, open-source social network server based on ActivityPub. Due to insufficient origin validation in all Mastodon versions, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x versions prior to 4.1.13, and 4.2.x versions prior to 4.2.5.

References: https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958
https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

CWE-ID: CWE-290
Common Platform Enumerations (CPE): Not Found
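The advisory gives no more detail than "insufficient origin validation". As an added illustration written for this digest (not Mastodon's code or its fix), the check below shows the kind of same-origin rule a federated server must apply to inbound ActivityPub activities: the HTTP Signature key, the actor, and any embedded object's `id` and `attributedTo` must all belong to one origin, otherwise a server the attacker controls can hand the receiver an object that claims to belong to a user on another instance. The domains and activities are constructed for the example.

```python
from urllib.parse import urlsplit


def same_origin(uri_a: str, uri_b: str) -> bool:
    """True when two URIs share scheme and host:port (compared case-insensitively)."""
    a, b = urlsplit(uri_a), urlsplit(uri_b)
    return bool(a.scheme) and (a.scheme.lower(), a.netloc.lower()) == (b.scheme.lower(), b.netloc.lower())


def validate_activity_origin(activity: dict, signer_key_id: str) -> bool:
    """Accept an inbound activity only if everything it vouches for lives on the
    signer's origin. Illustrative check for this digest, not Mastodon's implementation.

    - the HTTP Signature keyId must be on the same origin as the actor
    - an embedded object's `id` and `attributedTo` must be on the actor's origin
      (a bare object URI is left to be fetched from its own origin instead of trusted)
    """
    actor = activity.get("actor")
    if not isinstance(actor, str) or not same_origin(signer_key_id, actor):
        return False
    obj = activity.get("object")
    if isinstance(obj, dict):
        for field in ("id", "attributedTo"):
            value = obj.get(field)
            if isinstance(value, str) and not same_origin(value, actor):
                return False
    return True


# Constructed sample activities (hypothetical domains, not real instances).
SIGNER = "https://social.example/users/alice#main-key"

LEGIT_CREATE = {
    "type": "Create",
    "actor": "https://social.example/users/alice",
    "object": {
        "type": "Note",
        "id": "https://social.example/users/alice/statuses/1",
        "attributedTo": "https://social.example/users/alice",
        "content": "hello",
    },
}

# A server at social.example presenting an object that claims to be bob's on
# victim.example: without an origin check the receiver would file it under bob.
SPOOFED_CREATE = {
    "type": "Create",
    "actor": "https://social.example/users/alice",
    "object": {
        "type": "Note",
        "id": "https://victim.example/users/bob/statuses/99",
        "attributedTo": "https://victim.example/users/bob",
        "content": "I did not write this",
    },
}

if __name__ == "__main__":
    print(validate_activity_origin(LEGIT_CREATE, SIGNER))    # True
    print(validate_activity_origin(SPOOFED_CREATE, SIGNER))  # False
```

The rule is deliberately stricter than "the signature verifies": a valid signature only proves which server sent the message, so anything inside the payload that names a different origin has to be fetched from that origin (or dropped), never accepted on the sender's word.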

7. CVE-2024-24561
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.

References: https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457
https://github.com/vyperlang/vyper/issues/3756
https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c

CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
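The overflow is easier to see with the arithmetic laid out. The following Python model is an added example written for this digest, not Vyper's compiler code: it replays the flawed bounds predicate (end = start + length compared to the buffer length, with the addition wrapping modulo 2**256 as the EVM ADD opcode does) beside a version that cannot wrap. The buffer size and inputs are constructed for the demonstration.

```python
UINT256_MAX = (1 << 256) - 1


def evm_add(a: int, b: int) -> int:
    """Unchecked 256-bit addition as the EVM performs it: wraps modulo 2**256."""
    return (a + b) & UINT256_MAX


def vulnerable_slice_in_bounds(start: int, length: int, buf_len: int) -> bool:
    """Models the flawed pattern: compute end = start + length on the EVM and compare
    it to the buffer length. With runtime (non-literal) start/length the sum can wrap
    to a small number and the check passes for a slice far outside the buffer."""
    return evm_add(start, length) <= buf_len


def hardened_slice_in_bounds(start: int, length: int, buf_len: int) -> bool:
    """Same predicate without an overflowable sum: bound start first, then bound
    length against the remaining room. Neither comparison can wrap."""
    if start > buf_len:
        return False
    return length <= buf_len - start


def demo() -> dict:
    """Constructed case: a 32-byte buffer, start=1, length=2**256-1, so start+length == 2**256."""
    buf_len = 32
    start, length = 1, UINT256_MAX
    return {
        "wrapped_end": evm_add(start, length),                                 # 0
        "vulnerable_passes": vulnerable_slice_in_bounds(start, length, buf_len),  # True
        "hardened_passes": hardened_slice_in_bounds(start, length, buf_len),      # False
    }


if __name__ == "__main__":
    print(demo())
```

The same shape recurs in any language with unchecked fixed-width integers: a check of the form `a + b <= n` is only sound if `a + b` is known not to wrap, which is why the hardened form subtracts from the known-good bound instead of adding the attacker-influenced operands.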

8. CVE-2024-24570
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel. Additionally, if the XSS is crafted in a specific way, the "copy password reset link" feature may be exploited to gain access to a user's password reset token and gain access to their account. The authorized user is required to execute the XSS in order for the vulnerability to occur. In versions 4.46.0 and 3.4.17, the XSS vulnerability has been patched, and the copy password reset link functionality has been disabled.
References: https://github.com/statamic/cms/security/advisories/GHSA-vqxq-hvxw-9mv9

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
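The root cause is trusting the file extension (or the client-sent type) instead of the file's content, so a browser that navigates directly to the stored `.jpg` sniffs it as HTML and runs the script on the CMS origin, which is what exposes the password reset token. The block below is an added example, not Statamic's code: a Python upload validator that requires the extension, the magic bytes and the declared Content-Type (when sent) to agree on one allow-listed image type, plus the response headers that stop sniffing on download. The sample files are constructed.

```python
from typing import Optional

# Signatures for the image types a picture upload field is supposed to accept.
MAGIC_BYTES = (
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
)

EXTENSION_TO_MIME = {
    "jpg": "image/jpeg",
    "jpeg": "image/jpeg",
    "png": "image/png",
    "gif": "image/gif",
}


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None if not a known image."""
    for signature, mime in MAGIC_BYTES:
        if data.startswith(signature):
            return mime
    return None


def accept_upload(filename: str, data: bytes, declared_type: Optional[str] = None) -> bool:
    """Accept a file only when extension, sniffed content and (if sent) the client's
    Content-Type all agree on one allow-listed image type. The declared type alone
    is attacker-controlled and is never sufficient on its own."""
    if "." not in filename:
        return False
    expected = EXTENSION_TO_MIME.get(filename.rsplit(".", 1)[1].lower())
    if expected is None:
        return False
    if sniff_image_type(data) != expected:
        return False
    if declared_type is not None and declared_type.split(";")[0].strip().lower() != expected:
        return False
    return True


def download_headers(stored_type: str) -> dict:
    """Headers for serving user uploads: pin the type verified at upload time and
    forbid the browser from second-guessing it. 'attachment' stops direct navigation
    from rendering the file; <img> embeds still display it."""
    return {
        "Content-Type": stored_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": "attachment",
    }


# Constructed samples: a minimal JPEG header, and an HTML document renamed to .jpg.
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + b"\x00" * 16
HTML_AS_JPEG = b"<html><body><script>alert(document.domain)</script></body></html>"

if __name__ == "__main__":
    print(accept_upload("avatar.jpg", REAL_JPEG))     # True
    print(accept_upload("avatar.jpg", HTML_AS_JPEG))  # False
```

Serving uploads from a separate origin (a dedicated assets host) is the stronger fix: even a file that slips through then executes in an origin that holds no CMS session and no reset links.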

9. CVE-2024-1039
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.

References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01

CWE-ID: CWE-1391
Common Platform Enumerations (CPE): Not Found

10. CVE-2023-36496
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.3
Description: In PingDirectory, the Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.

References: https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284
https://support.pingidentity.com/s/article/SECADV039
https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

11. CVE-2023-46706
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Multiple MachineSense devices have credentials unable to be changed by the user or administrator.

References: https://machinesense.com/pages/about-machinesense
https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01

CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found

12. CVE-2023-47867
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that lets attackers within range connect to the device's web services and compromise the device.

References: https://machinesense.com/pages/about-machinesense
https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

13. CVE-2023-49115
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.

References: https://machinesense.com/pages/about-machinesense
https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01

CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found

14. CVE-2023-49610
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message that runs commands or overflows the stack.

References: https://machinesense.com/pages/about-machinesense
https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

15. CVE-2023-49617
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.8
Description: The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication.

References: https://machinesense.com/pages/about-machinesense
https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01

CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found

16. CVE-2023-6221
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: The cloud provider that MachineSense uses for integration and deployment of multiple MachineSense devices (the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others) is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.

References: https://machinesense.com/pages/about-machinesense
https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01

CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-21852
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution.

References: https://rapidscada.org/contact/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-24756
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5.
References: https://github.com/crafatar/crafatar/blob/e0233f2899a3206a817d2dd3b80da83d51c7a726/lib/server.js#L64-L67
https://github.com/crafatar/crafatar/commit/bba004acc725b362a5d2d5dfe30cf60e7365a373
https://github.com/crafatar/crafatar/security/advisories/GHSA-5cxq-25mp-q5f2

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
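CVE-2024-21852 above (Zip Slip in an archive unpacker) and this Crafatar issue (files outside `lib/public/` reachable from a request path) are the same defect: a filesystem path built from untrusted input that is never checked against the directory it was meant to stay in. The block below is an added example written for this digest and is not code from either project. It shows one containment check serving both cases, validates a whole archive before extracting anything, and runs against a constructed archive and constructed request paths.

```python
import io
import shutil
import zipfile
from pathlib import Path
from typing import List, Optional
from urllib.parse import unquote


def resolve_within(base: Path, untrusted: str) -> Optional[Path]:
    """Join an untrusted path onto base and return the absolute result only if it
    still lies inside base once '..', absolute segments and symlinks are resolved.
    Returns None otherwise. Component-wise comparison, not a string prefix test."""
    base = base.resolve()
    target = (base / untrusted).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        return None
    return target


def safe_extract(zip_bytes: bytes, dest: Path) -> List[Path]:
    """Zip Slip defence: validate every entry name before writing any file, so a
    hostile archive cannot leave a partially extracted payload behind."""
    dest = Path(dest).resolve()
    written: List[Path] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        plan = []
        for info in zf.infolist():
            target = resolve_within(dest, info.filename)
            if target is None:
                raise ValueError(f"rejected zip entry escaping {dest}: {info.filename!r}")
            plan.append((info, target))
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            written.append(target)
    return written


def public_file_for(url_path: str, public_root) -> Optional[Path]:
    """Map a request path onto a file under the static directory, percent-decoding
    first so '%2e%2e' cannot slip past the check."""
    relative = unquote(url_path).lstrip("/")
    return resolve_within(Path(public_root), relative)


def build_sample_zip(include_traversal: bool) -> bytes:
    """Constructed test archive: one benign config file and, optionally, an entry
    that tries to climb two directories above the extraction target."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/settings.xml", "<Config/>")
        if include_traversal:
            zf.writestr("../../startup/payload.txt", "<Config/>")
    return buf.getvalue()


def demo_extract() -> dict:
    """Run both archives against a throwaway directory and report what happened."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp)
        clean = [p.name for p in safe_extract(build_sample_zip(False), dest)]
        try:
            safe_extract(build_sample_zip(True), dest)
            hostile = "extracted"
        except ValueError:
            hostile = "rejected"
        leaked = (dest.parent / "startup" / "payload.txt").exists()
    return {"clean": clean, "hostile": hostile, "leaked_outside": leaked}


if __name__ == "__main__":
    print(demo_extract())
    print(public_file_for("/../../server.js", "lib/public"))  # None
```

Two caveats a reviewer would raise: `resolve()` follows symlinks, so an archive format that can carry symlink entries must either have those rejected outright or be unpacked into a fresh, empty directory; and the request-path case must decode before checking, because `%2e%2e` only becomes `..` after the web server or framework unescapes it.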
