CVE-2024-23831 - OpenCVE

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ledgersmb	Ledgersmb

Configuration 1 [-]

OR	cpe:2.3:a:ledgersmb:ledgersmb::::::::
	cpe:2.3:a:ledgersmb:ledgersmb::::::::

References

Link	Resource
https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165	Patch
https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-02T15:34:12.121Z

Updated: 2024-02-02T15:34:12.121Z

Reserved: 2024-01-22T22:23:54.339Z

Link: CVE-2024-23831

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-02T16:15:55.593

Modified: 2024-02-10T01:43:51.527

Link: CVE-2024-23831

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-23831", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-22T22:23:54.339Z", "datePublished": "2024-02-02T15:34:12.121Z", "dateUpdated": "2024-02-02T15:34:12.121Z"}, "containers": {"cna": {"title": "Privilege escalation through CSRF attack on 'setup.pl'", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm"}, {"name": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165", "tags": ["x_refsource_MISC"], "url": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165"}], "affected": [{"vendor": "ledgersmb", "product": "LedgerSMB", "versions": [{"version": "< 1.10.30", "status": "affected"}, {"version": ">= 1.11.0, < 1.11.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-02T15:34:12.121Z"}, "descriptions": [{"lang": "en", "value": "LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.\n"}], "source": {"advisory": "GHSA-98ff-f638-qxjm", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "E75E01ED-83A6-4BEF-BCCE-3DC1A99C0F90", "versionEndExcluding": "1.10.30", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BAB4653-68D6-4094-8E16-62DD69A1BAA1", "versionEndExcluding": "1.11.9", "versionStartIncluding": "1.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.\n"}, {"lang": "es", "value": "LedgerSMB es un sistema de contabilidad por partida doble gratuito basado en la web. Cuando un administrador de base de datos LedgerSMB tiene una sesi\u00f3n activa en /setup.pl, un atacante puede enga\u00f1ar al administrador para que haga clic en un enlace que env\u00eda autom\u00e1ticamente una solicitud a setup.pl sin el consentimiento del administrador. Esta solicitud se puede utilizar para crear una nueva cuenta de usuario con privilegios completos de aplicaci\u00f3n (/login.pl), lo que lleva a una escalada de privilegios. La vulnerabilidad est\u00e1 parcheada en las versiones 1.10.30 y 1.11.9."}], "id": "CVE-2024-23831", "lastModified": "2024-02-10T01:43:51.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-02-02T16:15:55.593", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Secondary"}]}