CVE-2024-48911

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/thinkst/opencanary/commit/2c11575b1a3dd8b0df26a879ba856c0aa350c049	Patch
https://github.com/thinkst/opencanary/releases/tag/v0.9.4	Release Notes
https://github.com/thinkst/opencanary/security/advisories/GHSA-pf5v-pqfv-x8jj	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:thinkst:opencanary:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-14 21:15

Updated : 2024-10-17 21:13

NVD link : CVE-2024-48911

Mitre link : CVE-2024-48911

CVE.ORG link : CVE-2024-48911

JSON object : View

Products Affected

thinkst

opencanary

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2024-48911", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.8, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-14T21:15:12.323", "references": [{"url": "https://github.com/thinkst/opencanary/commit/2c11575b1a3dd8b0df26a879ba856c0aa350c049", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/thinkst/opencanary/releases/tag/v0.9.4", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/thinkst/opencanary/security/advisories/GHSA-pf5v-pqfv-x8jj", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it\u2019s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue."}, {"lang": "es", "value": "OpenCanary, un honeypot de red multiprotocolo, ejecutaba directamente comandos tomados de su archivo de configuraci\u00f3n. Antes de la versi\u00f3n 0.9.4, donde el archivo de configuraci\u00f3n se almacenaba en un directorio de usuario sin privilegios pero el daemon lo ejecutaba el usuario root, era posible que el usuario sin privilegios cambiara el archivo de configuraci\u00f3n y aumentara los permisos cuando el usuario root ejecutaba posteriormente el daemon. La versi\u00f3n 0.9.4 contiene una soluci\u00f3n para el problema."}], "lastModified": "2024-10-17T21:13:37.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:thinkst:opencanary:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5BE78EB-2D89-40F6-AB5A-04468F2BAAD3", "versionEndExcluding": "0.9.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}