Lucene search
PRIOn knowledge basePRION:CVE-2023-0872HistoryAug 14, 2023 - 6:15 p.m.
Privilege escalation
2023-08-1418:15:00
PRIOn knowledge base
www.prio-n.com
7
horizon rest api
privilege escalation
openmns
vulnerability
upgrade
meridian
horizon
installation
private networks
internet
nvd
The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege.Β The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organizationβs private networks and should not be directly accessible from the Internet.
OpenNMS thanksΒ Erik Wynter for reporting this issue.
Related
github
github
OpenNMS privilege elevation vulnerability
2023-08-14 18:32:59
nvd
nvd
CVE-2023-0872
2023-08-14 18:15:10
osv
osv
CVE-2023-0872
2023-08-14 18:15:10
OpenNMS privilege elevation vulnerability
2023-08-14 18:32:59
cve
cve
CVE-2023-0872
2023-08-14 18:15:10
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 03/22/2024
2024-03-22 16:36:04
cvelist
cvelist
zdt
zdt
OpenNMS Horizon 31.0.7 Remote Command Execution Exploit
2024-03-27 00:00:00
packetstorm
packetstorm
OpenNMS Horizon 31.0.7 Remote Command Execution
2024-03-21 00:00:00
metasploit
metasploit
OpenNMS Horizon Authenticated RCE
2023-12-13 16:03:56