CVE-2023-48294 (GCVE-0-2023-48294)
Vulnerability from cvelistv5 – Published: 2023-11-17 21:12 – Updated: 2024-08-02 21:23
VLAI
Title
Broken Access control on Graphs Feature in LibreNMS
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
4.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/adv… | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/commit/48997… | x_refsource_MISC |
| https://github.com/librenms/librenms/blob/fa93034… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4"
},
{
"name": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf"
},
{
"name": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 23.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T21:12:59.642Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4"
},
{
"name": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf"
},
{
"name": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2"
}
],
"source": {
"advisory": "GHSA-fpq5-4vwm-78x4",
"discovery": "UNKNOWN"
},
"title": "Broken Access control on Graphs Feature in LibreNMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48294",
"datePublished": "2023-11-17T21:12:59.642Z",
"dateReserved": "2023-11-14T17:41:15.570Z",
"dateUpdated": "2024-08-02T21:23:39.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-48294",
"date": "2026-06-02",
"epss": "0.00024",
"percentile": "0.06929"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-48294\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-11-17T22:15:08.010\",\"lastModified\":\"2024-11-21T08:31:25.490\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"LibreNMS es un monitor de red basado en PHP/MySQL/SNMP con descubrimiento autom\u00e1tico que incluye soporte para una amplia gama de hardware de red y sistemas operativos. En las versiones afectadas de LibreNMS, cuando un usuario accede al panel de su dispositivo, se env\u00eda una solicitud a `graph.php` para acceder a los gr\u00e1ficos generados en el dispositivo en particular. Un usuario con privilegios bajos puede acceder a esta solicitud y puede enumerar dispositivos en librenms con su identificaci\u00f3n o nombre de host. Aprovechando esta vulnerabilidad, un usuario con privilegios bajos puede ver todos los dispositivos registrados por los usuarios administradores. Esta vulnerabilidad se solucion\u00f3 en el commit `489978a923` que se incluy\u00f3 en la versi\u00f3n 23.11.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.11.0\",\"matchCriteriaId\":\"24B09F58-7CE2-470F-8F5B-6771753682A6\"}]}]}],\"references\":[{\"url\":\"https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2023-48294
Vulnerability from fkie_nvd - Published: 2023-11-17 22:15 - Updated: 2024-11-21 08:31
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B09F58-7CE2-470F-8F5B-6771753682A6",
"versionEndExcluding": "23.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "LibreNMS es un monitor de red basado en PHP/MySQL/SNMP con descubrimiento autom\u00e1tico que incluye soporte para una amplia gama de hardware de red y sistemas operativos. En las versiones afectadas de LibreNMS, cuando un usuario accede al panel de su dispositivo, se env\u00eda una solicitud a `graph.php` para acceder a los gr\u00e1ficos generados en el dispositivo en particular. Un usuario con privilegios bajos puede acceder a esta solicitud y puede enumerar dispositivos en librenms con su identificaci\u00f3n o nombre de host. Aprovechando esta vulnerabilidad, un usuario con privilegios bajos puede ver todos los dispositivos registrados por los usuarios administradores. Esta vulnerabilidad se solucion\u00f3 en el commit `489978a923` que se incluy\u00f3 en la versi\u00f3n 23.11.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-48294",
"lastModified": "2024-11-21T08:31:25.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-17T22:15:08.010",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-FPQ5-4VWM-78X4
Vulnerability from github – Published: 2023-11-17 21:51 – Updated: 2023-11-20 22:06
VLAI
Summary
LibreNMS has Broken Access control on Graphs Feature
Details
Summary
This vulnerability occurs when application is not checking access of each type of users as per their role and it autorizing the users to access any feature. When user access his Device dashboard in librenms, one request is going to graph.php to access image of graphs generated on the particular Device. This request can be accessed by lower privileged users as well and they can enumerate devices on librenms with their id or hostname.
Details
Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer.
PoC
- Login with Lower privilege user
- Go to /graph.php?width=150&height=45&device=1&type=device_ping_perf&from=1699022192&legend=no&bg=FFFFFF00&popup_title=ICMP+Response
- If its showing image with "device*ping_perf" which confirms that there is device with id 1
-
Now you can change device parameter in above URL with hostname to check if that Hostname/IP exist or not like http://127.0.0.1:8000/graph.php?width=150&height=45&device=127.0.0.1&type=device_ping_perf&from=1699022192&legend=no&bg=FFFFFF00&popup_title=ICMP+Response
-
If device hostname doesn't exist then it should show 500 error
Check attached screenshots for more info
Vulnerable code: https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2
Above is vulnerable line of code from Line number 19-25 This is not checking privilege of users to access any device hostname, its just checking if user is authenticated or not
Impact
Low privilege users can see all devices registered by admin users by using this method
Solution
Implement privilege access control feature to check if low privilege user have access or not.
Screenshots:-
Severity
4.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "librenms/librenms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "23.11.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-48294"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-17T21:51:57Z",
"nvd_published_at": "2023-11-17T22:15:08Z",
"severity": "MODERATE"
},
"details": "### Summary\nThis vulnerability occurs when application is not checking access of each type of users as per their role and it autorizing the users to access any feature. When user access his Device dashboard in librenms, one request is going to graph.php to access image of graphs generated on the particular Device. This request can be accessed by lower privileged users as well and they can enumerate devices on librenms with their id or hostname.\n\n### Details\n_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._\n\n### PoC\n1. Login with Lower privilege user\n2. Go to /graph.php?width=150\u0026height=45\u0026device=1\u0026type=device_ping_perf\u0026from=1699022192\u0026legend=no\u0026bg=FFFFFF00\u0026popup_title=ICMP+Response\n3. If its showing image with \"device*ping_perf\" which confirms that there is device with id 1\n4. Now you can change device parameter in above URL with hostname to check if that Hostname/IP exist or not like\nhttp://127.0.0.1:8000/graph.php?width=150\u0026height=45\u0026device=127.0.0.1\u0026type=device_ping_perf\u0026from=1699022192\u0026legend=no\u0026bg=FFFFFF00\u0026popup_title=ICMP+Response\n\n5. If device hostname doesn\u0027t exist then it should show 500 error\n\nCheck attached screenshots for more info\n\nVulnerable code:\nhttps://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2\n\nAbove is vulnerable line of code from Line number 19-25\nThis is not checking privilege of users to access any device hostname, its just checking if user is authenticated \nor not\n\n\n### Impact\nLow privilege users can see all devices registered by admin users by using this method\n\n### Solution\nImplement privilege access control feature to check if low privilege user have access or not.\n\n### Screenshots:-\n\u003cimg width=\"967\" alt=\"Screenshot 2023-11-04 at 8 31 15\u202fPM\" src=\"https://user-images.githubusercontent.com/31764504/281085588-1c5d81b9-83d7-4ba8-baf3-03c95a99cefe.png\"\u003e\n\u003cimg width=\"973\" alt=\"Screenshot 2023-11-04 at 8 31 36\u202fPM\" src=\"https://user-images.githubusercontent.com/31764504/281085614-7a4d13b0-d316-4d24-bdd2-05c3a80ffd59.png\"\u003e\n\u003cimg width=\"955\" alt=\"Screenshot 2023-11-04 at 8 31 48\u202fPM\" src=\"https://user-images.githubusercontent.com/31764504/281085629-43aa2b6f-7b18-415f-8001-519bda45f918.png\"\u003e\n\n",
"id": "GHSA-fpq5-4vwm-78x4",
"modified": "2023-11-20T22:06:40Z",
"published": "2023-11-17T21:51:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48294"
},
{
"type": "WEB",
"url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf"
},
{
"type": "PACKAGE",
"url": "https://github.com/librenms/librenms"
},
{
"type": "WEB",
"url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "LibreNMS has Broken Access control on Graphs Feature"
}
GSD-2023-48294
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-48294",
"id": "GSD-2023-48294"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-48294"
],
"details": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"id": "GSD-2023-48294",
"modified": "2023-12-13T01:20:39.783325Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-48294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 23.11.0"
}
]
}
}
]
},
"vendor_name": "librenms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-200",
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4"
},
{
"name": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf"
},
{
"name": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2"
}
]
},
"source": {
"advisory": "GHSA-fpq5-4vwm-78x4",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.11.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-48294"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4",
"refsource": "",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4"
},
{
"name": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf",
"refsource": "",
"tags": [
"Patch"
],
"url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf"
},
{
"name": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2",
"refsource": "",
"tags": [
"Product"
],
"url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-11-29T20:53Z",
"publishedDate": "2023-11-17T22:15Z"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…