CVE-2024-47769

IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath location.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/idurar/idurar-erp-crm/commit/949bc6fe31f3175c9e1864d30cf6c8110179ac14	Patch
https://github.com/idurar/idurar-erp-crm/security/advisories/GHSA-948g-2vm7-mfv7	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:idurarapp:idurar:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-04 15:15

Updated : 2024-11-13 15:12

NVD link : CVE-2024-47769

Mitre link : CVE-2024-47769

CVE.ORG link : CVE-2024-47769

JSON object : View

Products Affected

idurarapp

idurar

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23

Relative Path Traversal

{"id": "CVE-2024-47769", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-10-04T15:15:13.427", "references": [{"url": "https://github.com/idurar/idurar-erp-crm/commit/949bc6fe31f3175c9e1864d30cf6c8110179ac14", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/idurar/idurar-erp-crm/security/advisories/GHSA-948g-2vm7-mfv7", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-23"}]}], "descriptions": [{"lang": "en", "value": "IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath location."}, {"lang": "es", "value": "IDURAR es un software de facturaci\u00f3n y contabilidad ERP CRM de c\u00f3digo abierto. La vulnerabilidad existe en el archivo corePublicRouter.js. Utilizando el uso de referencia aqu\u00ed, se identifica que el endpoint p\u00fablico es accesible para un usuario no autenticado. La entrada del usuario se adjunta directamente a la declaraci\u00f3n de uni\u00f3n sin comprobaciones adicionales. Esto permite que un atacante env\u00ede un payload malicioso codificado en URL. La estructura del directorio se puede escapar para leer archivos del sistema agregando una cadena codificada (payload) en la ubicaci\u00f3n de la subruta."}], "lastModified": "2024-11-13T15:12:54.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:idurarapp:idurar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDD0B833-86DC-4D22-A69B-B91B776DFBE2", "versionEndIncluding": "4.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}