CVE-2024-47180

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

Published: Sep 26, 2024 / Updated: 54d ago

CVSS 8.8 / EPSS 0.05% / Severity: High

Summary

Shields.io and self-hosted instances of shields using a version earlier than `server-2024-09-25` are vulnerable to a remote code execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability allows any user able to make a request to a URL on the instance to execute code by crafting a malicious JSONPath expression.

Impact

This vulnerability could allow attackers to execute arbitrary code on affected systems. Given the high impact on confidentiality, integrity, and availability, it could lead to unauthorized access, data manipulation, or service disruption. The attack vector is network-based, requires low attack complexity, and only low privileges, making it relatively easy to exploit.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation in the wild at the moment.

Patch

A patch is available. The vulnerability has been fixed in version `server-2024-09-25`. Users who follow tagged releases should update to `server-2024-09-25` or later. Those who follow the rolling tag on DockerHub can run `docker pull shieldsio/shields:next` to update to the latest version.

Mitigation

1. Update to version `server-2024-09-25` or later.
2. For those unable to update immediately, a workaround is available: block access to the endpoints `/badge/dynamic/json`, `/badge/dynamic/toml`, and `/badge/dynamic/yaml` using a firewall or reverse proxy in front of your instance.
3. Regularly monitor for and apply security updates.
4. Implement network segmentation and access controls to limit potential exposure.
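The reverse-proxy workaround from step 2, written out as an added example (not configuration from the advisory or the shields project). It assumes nginx sits in front of a self-hosted shields instance listening on 127.0.0.1:8080; the hostname and upstream address are placeholders, and TLS termination is omitted for brevity.

```nginx
# Added example: block the vulnerable dynamic-badge endpoints (CVE-2024-47180)
# at the reverse proxy until the instance is upgraded to server-2024-09-25+.
# Upstream address and server_name are assumed placeholders.
server {
    listen 80;
    server_name badges.example.org;

    # Regex locations are evaluated before the prefix location below, so this
    # rule wins for the three affected paths. The match is anchored at the
    # start of the decoded URI and case-insensitive (~*); the trailing (/|$)
    # covers both /badge/dynamic/json and /badge/dynamic/json/... while
    # leaving other /badge/ routes untouched. The query string is not part of
    # the location match, so ?url=...&query=... variants are covered as well.
    location ~* ^/badge/dynamic/(json|toml|yaml)(/|$) {
        return 403;
    }

    # Everything else is proxied to the shields instance as before.
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After reloading nginx, a request to any of the three endpoints should return 403 from the proxy and never reach the shields process; confirm this in the proxy access log rather than relying on the badge output.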

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-47180

Sep 26, 2024 at 8:15 PM
CVSS

A CVSS base score of 8.8 has been assigned.

Sep 26, 2024 at 8:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-47180.

Sep 26, 2024 at 8:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 26, 2024 at 8:24 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.3%)

Sep 27, 2024 at 9:37 AM

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

News

Security Bulletin 02 Oct 2024 - Cyber Security Agency of Singapore
This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing ...
CVE-2024-47180
High Severity Description Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version Read more at https://www.tenable.com/cve/CVE-2024-47180
NA - CVE-2024-47180 - Shields.io is a service for concise,...
Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are...
CVE-2024-47180 | badges shields prior server-2024-09-25 injection
A vulnerability classified as very critical has been found in badges shields . Affected is an unknown function. The manipulation leads to injection. This vulnerability is traded as CVE-2024-47180 . It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-47180 - Shields.io Dynamic Badge JSONPath Remote Code Execution
CVE ID : CVE-2024-47180 Published : Sept. 26, 2024, 8:15 p.m. 1 day, 2 hours ago Description : Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version Severity: 8.8 HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
