Lucene search

GoogleOSV:CVE-2024-32479

HistoryApr 22, 2024 - 10:15 p.m.

CVE-2024-32479

2024-04-2222:15:08

Google

osv.dev

librenms

php

mysql

snmp

network monitoring

vulnerability

cross-site scripting

service template

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.

CPENameOperatorVersion
librenmseq1.70.1
librenmseq201607
librenmseq1.30.01
librenmseq22.8.0
librenmseq23.1.0
librenmseq1.31.03
librenmseq1.38
librenmseq23.9.1
librenmseq201509
librenmseq1.27

Name	Operator	Version
librenms	eq	1.70.1
librenms	eq	201607
librenms	eq	1.30.01
librenms	eq	22.8.0
librenms	eq	23.1.0
librenms	eq	1.31.03
librenms	eq	1.38
librenms	eq	23.9.1
librenms	eq	201509
librenms	eq	1.27

Rows per page:

1-10 of 1211

References

github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23

github.com/librenms/librenms/commit/19344f0584d4d6d4526fdf331adc60530e3f685b

github.com/librenms/librenms/security/advisories/GHSA-72m9-7c8x-pmmw

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

Related for OSV:CVE-2024-32479