CVE-2023-1719 - OpenCVE

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Bitrix24	Bitrix24

Configuration 1 [-]

cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*

References

Link	Resource
https://starlabs.sg/advisories/23/23-1719/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: STAR_Labs

Published: 2023-11-01T09:04:19.695Z

Updated: 2023-11-01T09:04:19.695Z

Reserved: 2023-03-30T09:19:45.104Z

Link: CVE-2023-1719

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-01T10:15:09.373

Modified: 2023-11-09T20:52:06.307

Link: CVE-2023-1719

JSON object: View

Redhat Information

No data.

CWE

CWE-665

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1719", "assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69", "state": "PUBLISHED", "assignerShortName": "STAR_Labs", "dateReserved": "2023-03-30T09:19:45.104Z", "datePublished": "2023-11-01T09:04:19.695Z", "dateUpdated": "2023-11-01T09:04:19.695Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Bitrix24", "programFiles": ["file:bitrix/modules/main/tools.php"], "vendor": "Bitrix24", "versions": [{"lessThanOrEqual": "22.0.300", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lam Jun Rong & Li Jiantao of STAR Labs SG Pte. Ltd. (@starlabs_sg)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables."}], "value": "Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}, {"capecId": "CAPEC-77", "descriptions": [{"lang": "en", "value": "CAPEC-77 Manipulating User-Controlled Variables"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69", "shortName": "STAR_Labs", "dateUpdated": "2023-11-01T09:04:19.695Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://starlabs.sg/advisories/23/23-1719/"}], "source": {"discovery": "UNKNOWN"}, "title": "Bitrix24 Insecure Global Variable Extraction", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*", "matchCriteriaId": "D47D6185-F86F-4402-85C1-C0A0EAE09B0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables."}, {"lang": "es", "value": "La extracci\u00f3n de variables globales en bitrix/modules/main/tools.php en Bitrix24 22.0.300 permite a atacantes remotos no autenticados (1) enumerar archivos adjuntos en el servidor y (2) ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima, y posiblemente ejecutar c\u00f3digo PHP arbitrario en el servidor si la v\u00edctima tiene privilegios de administrador, sobrescribiendo variables no inicializadas."}], "id": "CVE-2023-1719", "lastModified": "2023-11-09T20:52:06.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@starlabs.sg", "type": "Secondary"}]}, "published": "2023-11-01T10:15:09.373", "references": [{"source": "info@starlabs.sg", "tags": ["Exploit", "Third Party Advisory"], "url": "https://starlabs.sg/advisories/23/23-1719/"}], "sourceIdentifier": "info@starlabs.sg", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-665"}], "source": "info@starlabs.sg", "type": "Secondary"}]}