OpenCVE

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ledgersmb	Ledgersmb

Configuration 1 [-]

OR	cpe:2.3:a:ledgersmb:ledgersmb::::::::
	cpe:2.3:a:ledgersmb:ledgersmb::::::::

No data.

References

Link	Providers
https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165
https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-02T15:34:12.121Z

Updated: 2024-08-21T15:39:55.803Z

Reserved: 2024-01-22T22:23:54.339Z

Link: CVE-2024-23831

Vulnrichment

Updated: 2024-08-01T23:13:07.975Z

NVD

Status : Modified

Published: 2024-02-02T16:15:55.593

Modified: 2024-11-21T08:58:30.993

Link: CVE-2024-23831

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23831", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-22T22:23:54.339Z", "datePublished": "2024-02-02T15:34:12.121Z", "dateUpdated": "2024-08-21T15:39:55.803Z"}, "containers": {"cna": {"title": "Privilege escalation through CSRF attack on 'setup.pl'", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm"}, {"name": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165", "tags": ["x_refsource_MISC"], "url": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165"}], "affected": [{"vendor": "ledgersmb", "product": "LedgerSMB", "versions": [{"version": "< 1.10.30", "status": "affected"}, {"version": ">= 1.11.0, < 1.11.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-02T15:34:12.121Z"}, "descriptions": [{"lang": "en", "value": "LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.\n"}], "source": {"advisory": "GHSA-98ff-f638-qxjm", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.975Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm"}, {"name": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165"}]}, {"affected": [{"vendor": "ledgersmb", "product": "ledgersmb", "cpes": ["cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.11.0", "status": "affected", "lessThan": "1.11.9", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "1.10.30", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T15:37:19.047670Z", "id": "CVE-2024-23831", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:39:55.803Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm", "name": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165", "name": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.975Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23831", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-21T15:37:19.047670Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*"], "vendor": "ledgersmb", "product": "ledgersmb", "versions": [{"status": "affected", "version": "1.11.0", "lessThan": "1.11.9", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "1.10.30", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:39:30.911Z"}}], "cna": {"title": "Privilege escalation through CSRF attack on 'setup.pl'", "source": {"advisory": "GHSA-98ff-f638-qxjm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ledgersmb", "product": "LedgerSMB", "versions": [{"status": "affected", "version": "< 1.10.30"}, {"status": "affected", "version": ">= 1.11.0, < 1.11.9"}]}], "references": [{"url": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm", "name": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165", "name": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-02T15:34:12.121Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23831", "state": "PUBLISHED", "dateUpdated": "2024-08-21T15:39:55.803Z", "dateReserved": "2024-01-22T22:23:54.339Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-02-02T15:34:12.121Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "E75E01ED-83A6-4BEF-BCCE-3DC1A99C0F90", "versionEndExcluding": "1.10.30", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BAB4653-68D6-4094-8E16-62DD69A1BAA1", "versionEndExcluding": "1.11.9", "versionStartIncluding": "1.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.\n"}, {"lang": "es", "value": "LedgerSMB es un sistema de contabilidad por partida doble gratuito basado en la web. Cuando un administrador de base de datos LedgerSMB tiene una sesi\u00f3n activa en /setup.pl, un atacante puede enga\u00f1ar al administrador para que haga clic en un enlace que env\u00eda autom\u00e1ticamente una solicitud a setup.pl sin el consentimiento del administrador. Esta solicitud se puede utilizar para crear una nueva cuenta de usuario con privilegios completos de aplicaci\u00f3n (/login.pl), lo que lleva a una escalada de privilegios. La vulnerabilidad est\u00e1 parcheada en las versiones 1.10.30 y 1.11.9."}], "id": "CVE-2024-23831", "lastModified": "2024-11-21T08:58:30.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-02T16:15:55.593", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}