CVE-2024-23831

2024-02-0216:15:55

Debian Security Bug Tracker

security-tracker.debian.org

ledgersmb

privilege escalation

setup.pl

web-based

accounting system

vulnerability

active session

admin

new user account

patch

versions

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

24.3%

JSON

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin’s consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.

OSVersionArchitecturePackageVersionFilename
Debian12allledgersmb<= 1.6.33+ds-2.1ledgersmb_1.6.33+ds-2.1_all.deb
Debian11allledgersmb<= 1.6.9+ds-2+deb11u3ledgersmb_1.6.9+ds-2+deb11u3_all.deb
Debian10allledgersmb<= 1.6.9+ds-1+deb10u3ledgersmb_1.6.9+ds-1+deb10u3_all.deb
Debian999allledgersmb<= 1.6.33+ds-2.2ledgersmb_1.6.33+ds-2.2_all.deb
Debian13allledgersmb<= 1.6.33+ds-2.2ledgersmb_1.6.33+ds-2.2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ledgersmb	<= 1.6.33+ds-2.1	ledgersmb_1.6.33+ds-2.1_all.deb
Debian	11	all	ledgersmb	<= 1.6.9+ds-2+deb11u3	ledgersmb_1.6.9+ds-2+deb11u3_all.deb
Debian	10	all	ledgersmb	<= 1.6.9+ds-1+deb10u3	ledgersmb_1.6.9+ds-1+deb10u3_all.deb
Debian	999	all	ledgersmb	<= 1.6.33+ds-2.2	ledgersmb_1.6.33+ds-2.2_all.deb
Debian	13	all	ledgersmb	<= 1.6.33+ds-2.2	ledgersmb_1.6.33+ds-2.2_all.deb