CVE-2024-47528

Improper Encoding or Escaping of Output (CWE-116)

Published: Oct 1, 2024 / Updated: 49d ago

CVSS 5.1 | EPSS 0.04% | Medium

Summary

LibreNMS, an open-source network monitoring system, contains a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability is present in the custom map background upload feature. Users with "admin" role can upload SVG files as backgrounds for custom maps, which can contain XSS payloads that will execute when the map is loaded.

Impact

This vulnerability allows attackers to inject malicious scripts into the LibreNMS application. When other users view the affected custom map, the malicious script will execute in their browser context. This can lead to various attacks such as stealing session cookies, capturing user input, or performing unauthorized actions on behalf of the victim. The impact is somewhat limited as it requires an attacker to have admin privileges to upload the malicious SVG file, but it can affect multiple users who view the compromised map.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. The vulnerability has been fixed in LibreNMS version 24.9.0.

Mitigation

1. Update LibreNMS to version 24.9.0 or later.
2. If immediate updating is not possible, restrict access to the custom map background upload feature to trusted administrators only.
3. Implement strict input validation and sanitization for all file uploads, especially for SVG files.
4. Consider implementing Content Security Policy (CSP) headers to mitigate the risk of XSS attacks.
5. Regularly audit user roles and permissions, ensuring the principle of least privilege is followed.
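
One way to apply item 3 to SVG backgrounds, as an added example that is not LibreNMS code or the 24.9.0 fix: a Python check that rejects an upload outright when it carries a DTD, script-capable elements, event-handler attributes or script URLs. The function names, the element list and the sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can run or embed active content inside an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# URL-bearing attributes (namespace stripped) checked for script schemes.
URL_ATTRS = {"href", "src"}

# Constructed sample inputs: a plain background and one with active content.
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
             b'<rect width="10" height="10" fill="#ccc"/></svg>')
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void(0)">'
              b'<script>void(0)</script></svg>')


def local(name):
    """Strip ElementTree's '{namespace}' prefix and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes):
    """Return the reasons an uploaded SVG should be rejected (empty list = accept)."""
    # A map background never needs a DTD; refuse it before parsing anything.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["DOCTYPE/ENTITY declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if local(root.tag) != "svg":
        return ["root element is not <svg>"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            # Browsers ignore whitespace and control characters inside the scheme.
            scheme = re.sub(r"[\s\x00-\x1f]", "", value).lower()
            if name in URL_ATTRS and scheme.startswith("javascript:"):
                findings.append(f"script URL in {name} on <{tag}>")
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SVG), ("active", ACTIVE_SVG)):
        print(label, svg_findings(sample))
```

Rejecting the file is simpler to reason about than rewriting it; the same function can also be run over backgrounds already stored before the upgrade.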

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

Vendor Advisory

GitHub Advisories released a security advisory.

Oct 1, 2024 at 7:31 PM
CVE Assignment

NVD published the first details for CVE-2024-47528

Oct 1, 2024 at 9:15 PM
First Article

Feedly found the first article mentioning CVE-2024-47528.

Oct 1, 2024 at 9:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 1, 2024 at 9:24 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Oct 2, 2024 at 10:19 AM
CVSS

A CVSS base score of 5.4 has been assigned.

Oct 2, 2024 at 1:40 PM / nvd

Affected Systems

Librenms/librenms

Patches

Github Advisory

Links to MITRE ATT&CK

T1574.010: Services File Permissions Weakness

Attack Patterns

CAPEC-104: Cross Zone Scripting

Vendor Advisory

[GHSA-x8gm-j36p-fppf] LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Users with "admin" role can set background for a custom map; this allows the upload of an SVG file that can contain an XSS payload which will trigger onload. Once uploaded, there should be a link to the SVG returned in the POST request to the API "$URL/maps/custom/1/background".

News

CVE-2024-47528
Medium Severity. Description: LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map; this allows the upload of an SVG file that can contain an XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0. Read more at https://www.tenable.com/cve/CVE-2024-47528
CVE-2024-47528
Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score) Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map; this allows the upload of an SVG file that can contain an XSS payload which will trigger on load.
CVE-2024-47528 | LibreNMS up to 24.8.x Background cross site scripting (GHSA-x8gm-j36p-fppf)
A vulnerability was found in LibreNMS up to 24.8.x. It has been declared as problematic. This vulnerability affects unknown code of the component Background Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-47528. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-47528
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map; this allows the upload of an SVG file that can contain an XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability Impact: None
