CVE-2024-47528

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be	Patch
https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

History

19 Dec 2024, 15:50

Type	Values Removed	Values Added
References	~~() https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be -~~	() https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be - Patch
References	~~() https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf -~~	() https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf - Exploit, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.8
CPE		cpe:2.3:a:librenms:librenms::::::::
First Time		Librenms Librenms librenms

Information

Published : 2024-10-01 21:15

Updated : 2024-12-19 21:15

NVD link : CVE-2024-47528

Mitre link : CVE-2024-47528

CVE.ORG link : CVE-2024-47528

JSON object : View

Products Affected

librenms

librenms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-116

Improper Encoding or Escaping of Output

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-47528", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 4.6, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-01T21:15:08.273", "references": [{"url": "https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-116"}, {"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with \"admin\" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0."}, {"lang": "es", "value": "LibreNMS es un sistema de monitoreo de red de c\u00f3digo abierto basado en PHP/MySQL/SNMP. Se puede lograr el Cross-Site Scripting (XSS) Almacenado cargando un nuevo fondo para un mapa personalizado. Los usuarios con rol de \"administrador\" pueden configurar el fondo para un mapa personalizado, lo que permite cargar un archivo SVG que puede contener un payload XSS que se activar\u00e1 al cargar. Esto llev\u00f3 a la creaci\u00f3n de Cross-Site Scripting (XSS) almacenado. La vulnerabilidad se solucion\u00f3 en 24.9.0."}], "lastModified": "2024-12-19T21:15:08.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E39B6DE8-DAD4-4158-B2BF-93B804AE09FF", "versionEndExcluding": "24.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}