CVE-2023-51653

Exploit

EPSS 5.94%
Published 22.02.2024 16:15:53
Last modified 16.01.2025 19:04:56
Source security-advisories@github.com
Teams watchlist Login
Open Login

Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Hertzbeat Version < 1.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.94%	0.903

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef

Patch

https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-51653

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-51653

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-51653

EUVD