7.6
CVE-2022-4068
- EPSS 33.97%
- Veröffentlicht 20.11.2022 05:15:12
- Zuletzt bearbeitet 21.11.2024 07:34:32
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
LoginImproperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 33.97% | 0.982 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| security@huntr.dev | 7.6 | 2.1 | 5.5 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1
https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc