CVE-2020-26574 - OpenCVE

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Leostream	Connection Broker

Configuration 1 [-]

cpe:2.3:a:leostream:connection_broker:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://adepts.of0x.cc/leostream-xss-to-rce/
https://www.leostream.com/resources/product-lifecycle/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-06T14:32:24

Updated: 2024-08-04T15:56:04.982Z

Reserved: 2020-10-06T00:00:00

Link: CVE-2020-26574

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-06T15:15:15.490

Modified: 2024-08-04T16:15:48.077

Link: CVE-2020-26574

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-06T14:32:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://adepts.of0x.cc/leostream-xss-to-rce/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.leostream.com/resources/product-lifecycle/"}], "tags": ["unsupported-when-assigned"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26574", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://adepts.of0x.cc/leostream-xss-to-rce/", "refsource": "MISC", "url": "https://adepts.of0x.cc/leostream-xss-to-rce/"}, {"name": "https://www.leostream.com/resources/product-lifecycle/", "refsource": "MISC", "url": "https://www.leostream.com/resources/product-lifecycle/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:56:04.982Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://adepts.of0x.cc/leostream-xss-to-rce/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.leostream.com/resources/product-lifecycle/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26574", "datePublished": "2020-10-06T14:32:24", "dateReserved": "2020-10-06T00:00:00", "dateUpdated": "2024-08-04T15:56:04.982Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:leostream:connection_broker:*:*:*:*:*:*:*:*", "matchCriteriaId": "949E13FF-730E-4510-B1C4-D99B12756246", "versionEndIncluding": "8.2.73", "versionStartIncluding": "8.2.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"}, {"lang": "es", "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Leostream Connection Broker versi\u00f3n 8.2.x est\u00e1 afectado por una vulnerabilidad de tipo XSS almacenado. Un atacante no autenticado puede inyectar c\u00f3digo JavaScript arbitrario por medio del encabezado HTTP User-Agent del archivo webquery.pl. Es procesado por los administradores la pr\u00f3xima vez que inician sesi\u00f3n. El JavaScript inyectado puede ser usado para obligar al administrador a cargar un script Perl malicioso que ser\u00e1 ejecutado como root mediante la funci\u00f3n libMisc::browser_client. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor"}], "id": "CVE-2020-26574", "lastModified": "2024-08-04T16:15:48.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-06T15:15:15.490", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://adepts.of0x.cc/leostream-xss-to-rce/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.leostream.com/resources/product-lifecycle/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}