In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between February 08-09, 2024.
During this period, The National Vulnerability Database published 86, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 3
High: 14
Medium: 18
Low: 0
Severity Not Assigned: 51
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-1207
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032596%40booking&new=3032596%40booking&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-6515
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M?A-MED allows Authentication Abuse.This issue affects M?A-MED: before 1.0.7.
References: https://www.usom.gov.tr/bildirim/tr-24-0087
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-6517
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M?A-MED allows Collect Data as Provided by Users.This issue affects M?A-MED: before 1.0.7.
References: https://www.usom.gov.tr/bildirim/tr-24-0087
CWE-ID: CWE-213
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-6518
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Plaintext Storage of a Password vulnerability in Mia Technology Inc. M?A-MED allows Read Sensitive Strings Within an Executable.This issue affects M?A-MED: before 1.0.7.
References: https://www.usom.gov.tr/bildirim/tr-24-0087
CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-6519
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M?A-MED allows Read Sensitive Strings Within an Executable.This issue affects M?A-MED: before 1.0.7.
References: https://www.usom.gov.tr/bildirim/tr-24-0087
CWE-ID: CWE-488
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-24879
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.5.13.
References: https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-5-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-24881
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.
References: https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-0985
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.
References: https://www.postgresql.org/support/security/CVE-2024-0985/
CWE-ID: CWE-271
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-1149
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.
References: https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK
CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-1150
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.
References: https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK
CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-24877
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9.
References: https://patchstack.com/database/vulnerability/wonderplugin-slider-lite/wordpress-wonder-slider-lite-plugin-13-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-24878
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS.This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.
References: https://patchstack.com/database/vulnerability/portugal-ctt-tracking-woocommerce/wordpress-portugal-ctt-tracking-for-woocommerce-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-0242
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 5.8
Description: Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-1329
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.8
Description: HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.
References: https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack
CWE-ID: CWE-610
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-51630
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system.
. Was ZDI-CAN-21182.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-073/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-24830
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/openobserve/openobserve/security/advisories/GHSA-hfxx-g56f-8h5v
CWE-ID: CWE-269 CWE-272 CWE-284 CWE-285 CWE-287
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-25106
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.3
Description: OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/{org_id}/users/{email_id}" endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with "Admin" and "Root" roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations. The core of the vulnerability lies in the `remove_user_from_org` function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges. This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal. The impact is severe, as it compromises the integrity of user management within organizations. By exploiting this vulnerability, any user within an organization, without the need for administrative privileges, can remove critical users, including "Admins" and "Root" users. This could result in unauthorized system access, administrative lockout, or operational disruptions. Given that user accounts are typically created by "Admins" or "Root" users, this vulnerability can be exploited by any user who has been granted access to an organization, thereby posing a critical risk to the security and operational stability of the application. This issue has been addressed in release version 0.8.0. Users are advised to upgrade.
References: https://github.com/openobserve/openobserve/security/advisories/GHSA-3m5f-9m66-xgp7
CWE-ID: CWE-269 CWE-272 CWE-284 CWE-285 CWE-287
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between February 08-09, 2024.
During this period, The National Vulnerability Database published 86, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 3
High: 14
Medium: 18
Low: 0
Severity Not Assigned: 51
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-1207
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032596%40booking&new=3032596%40booking&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-6515
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M?A-MED allows Authentication Abuse.This issue affects M?A-MED: before 1.0.7.
References: https://www.usom.gov.tr/bildirim/tr-24-0087
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-6517
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M?A-MED allows Collect Data as Provided by Users.This issue affects M?A-MED: before 1.0.7.
References: https://www.usom.gov.tr/bildirim/tr-24-0087
CWE-ID: CWE-213
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-6518
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Plaintext Storage of a Password vulnerability in Mia Technology Inc. M?A-MED allows Read Sensitive Strings Within an Executable.This issue affects M?A-MED: before 1.0.7.
References: https://www.usom.gov.tr/bildirim/tr-24-0087
CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-6519
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M?A-MED allows Read Sensitive Strings Within an Executable.This issue affects M?A-MED: before 1.0.7.
References: https://www.usom.gov.tr/bildirim/tr-24-0087
CWE-ID: CWE-488
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-24879
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.5.13.
References: https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-5-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-24881
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.
References: https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-0985
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.
References: https://www.postgresql.org/support/security/CVE-2024-0985/
CWE-ID: CWE-271
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-1149
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.
References: https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK
CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-1150
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.
References: https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK
CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-24877
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9.
References: https://patchstack.com/database/vulnerability/wonderplugin-slider-lite/wordpress-wonder-slider-lite-plugin-13-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-24878
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS.This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.
References: https://patchstack.com/database/vulnerability/portugal-ctt-tracking-woocommerce/wordpress-portugal-ctt-tracking-for-woocommerce-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-0242
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 5.8
Description: Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-1329
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.8
Description: HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.
References: https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack
CWE-ID: CWE-610
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-51630
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system.
. Was ZDI-CAN-21182.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-073/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-24830
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/openobserve/openobserve/security/advisories/GHSA-hfxx-g56f-8h5v
CWE-ID: CWE-269 CWE-272 CWE-284 CWE-285 CWE-287
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-25106
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.3
Description: OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/{org_id}/users/{email_id}" endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with "Admin" and "Root" roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations. The core of the vulnerability lies in the `remove_user_from_org` function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges. This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal. The impact is severe, as it compromises the integrity of user management within organizations. By exploiting this vulnerability, any user within an organization, without the need for administrative privileges, can remove critical users, including "Admins" and "Root" users. This could result in unauthorized system access, administrative lockout, or operational disruptions. Given that user accounts are typically created by "Admins" or "Root" users, this vulnerability can be exploited by any user who has been granted access to an organization, thereby posing a critical risk to the security and operational stability of the application. This issue has been addressed in release version 0.8.0. Users are advised to upgrade.
References: https://github.com/openobserve/openobserve/security/advisories/GHSA-3m5f-9m66-xgp7
CWE-ID: CWE-269 CWE-272 CWE-284 CWE-285 CWE-287
Common Platform Enumerations (CPE): Not Found