CVE-2023-51387 - OpenCVE

Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Hertzbeat

Configuration 1 [-]

cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md
https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2
https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj

History

Wed, 28 Aug 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache hertzbeat
CPEs	cpe:2.3:a:dromara:hertzbeat::::::::	cpe:2.3:a:apache:hertzbeat::::::::
Vendors & Products	Dromara Dromara hertzbeat	Apache Apache hertzbeat

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-22T20:46:29.236Z

Updated: 2024-08-02T22:32:09.067Z

Reserved: 2023-12-18T19:35:29.003Z

Link: CVE-2023-51387

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-22T21:15:08.790

Modified: 2024-08-28T15:44:19.793

Link: CVE-2023-51387

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-51387", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-18T19:35:29.003Z", "datePublished": "2023-12-22T20:46:29.236Z", "dateUpdated": "2024-08-02T22:32:09.067Z"}, "containers": {"cna": {"title": "Expression Injection Vulnerability in Hertzbeat", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj"}, {"name": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", "tags": ["x_refsource_MISC"], "url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2"}, {"name": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md", "tags": ["x_refsource_MISC"], "url": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md"}], "affected": [{"vendor": "dromara", "product": "hertzbeat", "versions": [{"version": "< 1.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-22T20:46:29.236Z"}, "descriptions": [{"lang": "en", "value": "Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1."}], "source": {"advisory": "GHSA-4576-m8px-w9qj", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:09.067Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj"}, {"name": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2"}, {"name": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B4E8400-424B-4FCB-81C8-5D559B146130", "versionEndExcluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1."}, {"lang": "es", "value": "Hertzbeat es un sistema de monitoreo en tiempo real de c\u00f3digo abierto. Hertzbeat utiliza aviatorscript para evaluar expresiones de alerta. Se supone que las expresiones de alerta son expresiones simples. Sin embargo, debido a una sanitizaci\u00f3n inadecuada de las expresiones de alerta en versiones anteriores a la 1.4.1, un usuario malintencionado puede utilizar una expresi\u00f3n de alerta manipulada para ejecutar cualquier comando en el servidor hertzbeat. Un usuario malintencionado que tenga acceso a la funci\u00f3n de definici\u00f3n de alertas puede ejecutar cualquier comando en la instancia de Hertzbeat. Este problema se solucion\u00f3 en la versi\u00f3n 1.4.1."}], "id": "CVE-2023-51387", "lastModified": "2024-08-28T15:44:19.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-22T21:15:08.790", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Primary"}]}