CVE-2023-51387 - OpenCVE

Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dromara	Hertzbeat

Configuration 1 [-]

cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md	Release Notes
https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2	Patch
https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-22T20:46:29.236Z

Updated: 2023-12-22T20:46:29.236Z

Reserved: 2023-12-18T19:35:29.003Z

Link: CVE-2023-51387

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-22T21:15:08.790

Modified: 2024-01-03T17:43:59.510

Link: CVE-2023-51387

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-51387", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-18T19:35:29.003Z", "datePublished": "2023-12-22T20:46:29.236Z", "dateUpdated": "2023-12-22T20:46:29.236Z"}, "containers": {"cna": {"title": "Expression Injection Vulnerability in Hertzbeat", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj"}, {"name": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", "tags": ["x_refsource_MISC"], "url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2"}, {"name": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md", "tags": ["x_refsource_MISC"], "url": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md"}], "affected": [{"vendor": "dromara", "product": "hertzbeat", "versions": [{"version": "< 1.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-22T20:46:29.236Z"}, "descriptions": [{"lang": "en", "value": "Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1."}], "source": {"advisory": "GHSA-4576-m8px-w9qj", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA9DA6B7-E31D-4037-BB20-38E777BF59BF", "versionEndExcluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1."}, {"lang": "es", "value": "Hertzbeat es un sistema de monitoreo en tiempo real de c\u00f3digo abierto. Hertzbeat utiliza aviatorscript para evaluar expresiones de alerta. Se supone que las expresiones de alerta son expresiones simples. Sin embargo, debido a una sanitizaci\u00f3n inadecuada de las expresiones de alerta en versiones anteriores a la 1.4.1, un usuario malintencionado puede utilizar una expresi\u00f3n de alerta manipulada para ejecutar cualquier comando en el servidor hertzbeat. Un usuario malintencionado que tenga acceso a la funci\u00f3n de definici\u00f3n de alertas puede ejecutar cualquier comando en la instancia de Hertzbeat. Este problema se solucion\u00f3 en la versi\u00f3n 1.4.1."}], "id": "CVE-2023-51387", "lastModified": "2024-01-03T17:43:59.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-22T21:15:08.790", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Primary"}]}