CVE-2023-38880 - OpenCVE

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Os4ed	Opensis

Configuration 1 [-]

cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*

References

Link	Resource
https://github.com/OS4ED/openSIS-Classic	Product
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880	Third Party Advisory
https://www.os4ed.com/	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-20T00:00:00

Updated: 2023-11-29T22:48:58.783202

Reserved: 2023-07-25T00:00:00

Link: CVE-2023-38880

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-20T19:15:08.600

Modified: 2023-11-30T02:21:35.757

Link: CVE-2023-38880

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*", "matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of \"opensisBackup<date>.sql\" (e.g. \"opensisBackup07-20-2023.sql\"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes."}, {"lang": "es", "value": "La versi\u00f3n Community Edition 9.0 de openSIS Classic de OS4ED tiene una vulnerabilidad de control de acceso rota en la funcionalidad de copia de seguridad de la base de datos. Siempre que un administrador genera una copia de seguridad de la base de datos, la copia de seguridad se almacena en la ra\u00edz web mientras el nombre del archivo tiene el formato \"opensisBackup.sq|\" (p. ej., \"opensisBackup07-20-2023.sql\"), es decir, se puede adivinar f\u00e1cilmente. Cualquier actor no autenticado puede acceder a este archivo y contiene un volcado de toda la base de datos, incluidos los hashes de contrase\u00f1as."}], "id": "CVE-2023-38880", "lastModified": "2023-11-30T02:21:35.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-20T19:15:08.600", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/OS4ED/openSIS-Classic"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.os4ed.com/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}