CVE-2024-48911

EPSS 0.19%
Veröffentlicht 14.10.2024 21:15:12
Zuletzt bearbeitet 17.10.2024 21:13:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Thinkst ≫ Opencanary Version < 0.9.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.406

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	5.8	0	0	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/thinkst/opencanary/commit/2c11575b1a3dd8b0df26a879ba856c0aa350c049

Patch

https://github.com/thinkst/opencanary/releases/tag/v0.9.4

Release Notes

https://github.com/thinkst/opencanary/security/advisories/GHSA-pf5v-pqfv-x8jj

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-48911

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-48911

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-48911

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-48911