Lucene search

GitHub Advisory DatabaseGHSA-W5GQ-XRRP-3FXF

HistoryAug 14, 2023 - 6:32 p.m.

OpenNMS privilege elevation vulnerability

2023-08-1418:32:59

CWE-269

GitHub Advisory Database

github.com

opennms

privilege elevation

horizon rest api

vulnerability

meridian

upgrade

installation

private networks

erik wynter

software

8.2 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Horizon REST API includes a users endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization’s private networks and should not be directly accessible from the Internet.

OpenNMS thanks Erik Wynter for reporting this issue.

Affected configurations

Vulners

Node

org.opennms\opennmsMatchwebapp

CPENameOperatorVersion
org.opennms:opennms-webapp-restge31.0.8
org.opennms:opennms-webapp-restlt32.0.2

CPE	Name	Operator	Version
	org.opennms:opennms-webapp-rest	ge	31.0.8
	org.opennms:opennms-webapp-rest	lt	32.0.2

References

docs.opennms.com/horizon/32/releasenotes/changelog.html

github.com/advisories/GHSA-w5gq-xrrp-3fxf

github.com/OpenNMS/opennms/commit/e59b0ddd164cf0598ac0294d11a2d677d9e310b8

github.com/OpenNMS/opennms/pull/6354

nvd.nist.gov/vuln/detail/CVE-2023-0872