CVE-2023-51387

{"id": "CVE-2023-51387", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-12-22T21:15:08.790", "references": [{"url": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1."}, {"lang": "es", "value": "Hertzbeat es un sistema de monitoreo en tiempo real de c\u00f3digo abierto. Hertzbeat utiliza aviatorscript para evaluar expresiones de alerta. Se supone que las expresiones de alerta son expresiones simples. Sin embargo, debido a una sanitizaci\u00f3n inadecuada de las expresiones de alerta en versiones anteriores a la 1.4.1, un usuario malintencionado puede utilizar una expresi\u00f3n de alerta manipulada para ejecutar cualquier comando en el servidor hertzbeat. Un usuario malintencionado que tenga acceso a la funci\u00f3n de definici\u00f3n de alertas puede ejecutar cualquier comando en la instancia de Hertzbeat. Este problema se solucion\u00f3 en la versi\u00f3n 1.4.1."}], "lastModified": "2024-01-03T17:43:59.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA9DA6B7-E31D-4037-BB20-38E777BF59BF", "versionEndExcluding": "1.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}