{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3408", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-05T19:26:41.533Z", "datePublished": "2024-06-06T18:54:43.713Z", "dateUpdated": "2024-11-03T18:27:22.142Z"}, "containers": {"cna": {"title": "Authentication Bypass and RCE in man-group/dtale", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-11-03T18:27:22.142Z"}, "descriptions": [{"lang": "en", "value": "man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server."}], "affected": [{"vendor": "man-group", "product": "man-group/dtale", "versions": [{"version": "unspecified", "lessThan": "3.13.1", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/57a06666-ff85-4577-af19-f3dfb7b02f91"}, {"url": "https://github.com/man-group/dtale/commit/32bd6fb4a63de779ff1e51823a456865ea3cbd13"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-798 Use of Hard-coded Credentials", "cweId": "CWE-798"}]}], "source": {"advisory": "57a06666-ff85-4577-af19-f3dfb7b02f91", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "man-group", "product": "dtale", "cpes": ["cpe:2.3:a:man-group:dtale:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.10.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T19:31:56.326871Z", "id": "CVE-2024-3408", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T19:34:27.320Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.312Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/57a06666-ff85-4577-af19-f3dfb7b02f91", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/57a06666-ff85-4577-af19-f3dfb7b02f91", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.312Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3408", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-06T19:31:56.326871Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:man-group:dtale:*:*:*:*:*:*:*:*"], "vendor": "man-group", "product": "dtale", "versions": [{"status": "affected", "version": "3.10.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T19:34:22.163Z"}}], "cna": {"title": "Authentication Bypass and RCE in man-group/dtale", "source": {"advisory": "57a06666-ff85-4577-af19-f3dfb7b02f91", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "man-group", "product": "man-group/dtale", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "3.13.1", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/57a06666-ff85-4577-af19-f3dfb7b02f91"}, {"url": "https://github.com/man-group/dtale/commit/32bd6fb4a63de779ff1e51823a456865ea3cbd13"}], "descriptions": [{"lang": "en", "value": "man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-11-03T18:27:22.142Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3408", "state": "PUBLISHED", "dateUpdated": "2024-11-03T18:27:22.142Z", "dateReserved": "2024-04-05T19:26:41.533Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-06T18:54:43.713Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:man:d-tale:3.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "70791772-1BB6-4BEE-A4ED-5DD62532E3C3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server."}, {"lang": "es", "value": "man-group/dtale versi\u00f3n 3.10.0 es vulnerable a una omisi\u00f3n de autenticaci\u00f3n y ejecuci\u00f3n remota de c\u00f3digo (RCE) debido a una validaci\u00f3n de entrada incorrecta. La vulnerabilidad surge de una `SECRET_KEY` codificada en la configuraci\u00f3n del matraz, lo que permite a los atacantes falsificar una cookie de sesi\u00f3n si la autenticaci\u00f3n est\u00e1 habilitada. Adem\u00e1s, la aplicaci\u00f3n no puede restringir adecuadamente las consultas de filtro personalizado, lo que permite a los atacantes ejecutar c\u00f3digo arbitrario en el servidor evitando la restricci\u00f3n en el endpoint `/update-settings`, incluso cuando `enable_custom_filters` no est\u00e1 habilitado. Esta vulnerabilidad permite a los atacantes eludir los mecanismos de autenticaci\u00f3n y ejecutar c\u00f3digo remoto en el servidor."}], "id": "CVE-2024-3408", "lastModified": "2024-11-21T09:29:32.273", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T19:16:01.890", "references": [{"source": "security@huntr.dev", "url": "https://github.com/man-group/dtale/commit/32bd6fb4a63de779ff1e51823a456865ea3cbd13"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/57a06666-ff85-4577-af19-f3dfb7b02f91"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/57a06666-ff85-4577-af19-f3dfb7b02f91"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}