CVE-2024-3798 - OpenCVE

Link	Providers
https://cert.pl/en/posts/2024/07/CVE-2024-3798
https://cert.pl/posts/2024/07/CVE-2024-3798
https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3798", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2024-04-15T10:51:28.994Z", "datePublished": "2024-07-10T11:59:10.637Z", "dateUpdated": "2024-08-01T20:20:01.949Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Phoniebox", "programFiles": ["htdocs/api/playlist/playsinglefile.php"], "repo": "https://github.com/MiczFlor/RPi-Jukebox-RFID", "vendor": "Phoniebox", "versions": [{"lessThanOrEqual": "2.7", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "*", "status": "unaffected", "version": "3.0", "versionType": "semver"}]}], "datePublic": "2024-04-15T11:55:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery. This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable.  Phoniebox in version 3.0 and higher are not affected. "}], "value": "Insecure handling of GET header parameter file\u00a0included in requests being sent to an instance of the\u00a0open-source project\u00a0Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send malicious\u00a0requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery.\n\n\nThis issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable.\u00a0\nPhoniebox in version 3.0 and higher are not affected."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}, {"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}, {"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-07-12T09:25:17.347Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/07/CVE-2024-3798"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/07/CVE-2024-3798"}, {"tags": ["issue-tracking"], "url": "https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_open-source"], "title": "Insecure handling of GET argument in Phoniebox", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "sourcefabric", "product": "phoniebox", "cpes": ["cpe:2.3:a:sourcefabric:phoniebox:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.7", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-10T14:46:26.554633Z", "id": "CVE-2024-3798", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T14:46:29.447Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:01.949Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/07/CVE-2024-3798"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/07/CVE-2024-3798"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert.pl/en/posts/2024/07/CVE-2024-3798", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://cert.pl/posts/2024/07/CVE-2024-3798", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342", "tags": ["issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:01.949Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3798", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-10T14:46:26.554633Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sourcefabric:phoniebox:*:*:*:*:*:*:*:*"], "vendor": "sourcefabric", "product": "phoniebox", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.7"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T14:46:06.531Z"}}], "cna": {"tags": ["x_open-source"], "title": "Insecure handling of GET argument in Phoniebox", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}, {"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}, {"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/MiczFlor/RPi-Jukebox-RFID", "vendor": "Phoniebox", "product": "Phoniebox", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.7"}, {"status": "unaffected", "version": "3.0", "versionType": "semver", "lessThanOrEqual": "*"}], "programFiles": ["htdocs/api/playlist/playsinglefile.php"], "defaultStatus": "unknown"}], "datePublic": "2024-04-15T11:55:00.000Z", "references": [{"url": "https://cert.pl/en/posts/2024/07/CVE-2024-3798", "tags": ["third-party-advisory"]}, {"url": "https://cert.pl/posts/2024/07/CVE-2024-3798", "tags": ["third-party-advisory"]}, {"url": "https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342", "tags": ["issue-tracking"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Insecure handling of GET header parameter file\u00a0included in requests being sent to an instance of the\u00a0open-source project\u00a0Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send malicious\u00a0requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery.\n\n\nThis issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable.\u00a0\nPhoniebox in version 3.0 and higher are not affected.", "supportingMedia": [{"type": "text/html", "value": "Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery. This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable.  Phoniebox in version 3.0 and higher are not affected. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-07-12T09:25:17.347Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3798", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:20:01.949Z", "dateReserved": "2024-04-15T10:51:28.994Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2024-07-10T11:59:10.637Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insecure handling of GET header parameter file\u00a0included in requests being sent to an instance of the\u00a0open-source project\u00a0Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send malicious\u00a0requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery.\n\n\nThis issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable.\u00a0\nPhoniebox in version 3.0 and higher are not affected."}, {"lang": "es", "value": "El manejo inseguro del archivo de par\u00e1metros de encabezado GET incluido en las solicitudes que se env\u00edan a una instancia del proyecto de c\u00f3digo abierto Phoniebox permite a un atacante crear un sitio web que, cuando lo visita un usuario, enviar\u00e1 solicitudes maliciosas a m\u00faltiples hosts en la red local. Si dicha solicitud llega al servidor, provocar\u00e1 una de las siguientes situaciones (seg\u00fan el payload elegido): ejecuci\u00f3n de comandos de shell, XSS reflejado o cross-site request forgery. Este problema afecta a Phoniebox en todas las versiones hasta la 2.7. Las versiones m\u00e1s recientes no se probaron, pero tambi\u00e9n podr\u00edan ser vulnerables."}], "id": "CVE-2024-3798", "lastModified": "2024-07-12T10:15:01.757", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2024-07-10T12:15:09.873", "references": [{"source": "cvd@cert.pl", "url": "https://cert.pl/en/posts/2024/07/CVE-2024-3798"}, {"source": "cvd@cert.pl", "url": "https://cert.pl/posts/2024/07/CVE-2024-3798"}, {"source": "cvd@cert.pl", "url": "https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-79"}], "source": "cvd@cert.pl", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object