Cross-Site Request Forgery (CSRF) to User Privilege Escalation in pandorafms/pandorafms

Valid

Reported on Feb 19th 2022


Description

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in the Bulk operations page (User operations), resulting in elevation of privilege to the Administrator group.

Detail

Version: Pandora FMS v7.0NG.759 - OUM 759 - MR 51
Affected components: Console

Proof of Concept

Affected Endpoint:

POST http://$HOST/pandora_console/index.php?sec=gmassive&sec2=godmode/massive/massive_operations&tab=massive_users&option=add_profiles


PoC file: adds the attacker account to the Admin group; password: dejy7ecw7y

Impact

This vulnerability allows an attacker's account to be added to the Administrator group, resulting in elevation of privilege.
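As an added example (not part of the report and not Pandora FMS code), a retrospective check over console access logs: it flags POSTs to the affected bulk user-profile endpoint whose Referer is missing or belongs to another host, which is how a forged cross-site submission would typically show up in combined-format logs. The log lines and host names below are constructed placeholders.

```python
import re
from urllib.parse import urlparse, parse_qs

# Combined (Apache/nginx-style) access log line; the Referer field is what the check keys on.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Query parameters that identify the bulk "add profiles to users" operation named in the report.
BULK_ADD_PROFILES = {
    "sec2": "godmode/massive/massive_operations",
    "tab": "massive_users",
    "option": "add_profiles",
}

def is_bulk_add_profiles(path: str) -> bool:
    """True when the request path targets the affected bulk user-profile operation."""
    qs = parse_qs(urlparse(path).query)
    return all(qs.get(key) == [value] for key, value in BULK_ADD_PROFILES.items())

def classify(line: str, console_host: str):
    """(timestamp, client ip, reason) for a POST to the affected operation, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST" or not is_bulk_add_profiles(m["path"]):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        reason = "missing-referer"   # a forged cross-site form POST may carry no Referer
    elif (urlparse(referer).hostname or "").lower() != console_host.lower():
        reason = "foreign-referer"   # submitted from a page the console did not serve
    else:
        reason = "ok"                # same-site submission, the normal admin workflow
    return (m["ts"], m["ip"], reason)

def find_suspicious(log_text: str, console_host: str):
    """Entries for bulk-profile POSTs that are not clearly same-site."""
    hits = (classify(line, console_host) for line in log_text.splitlines())
    return [hit for hit in hits if hit and hit[2] != "ok"]

# Constructed sample log (not from the report); host names are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Feb/2022:10:01:02 +0000] "POST /pandora_console/index.php?sec=gmassive&sec2=godmode/massive/massive_operations&tab=massive_users&option=add_profiles HTTP/1.1" 200 5120 "http://pandora.example.internal/pandora_console/index.php?sec=gmassive&sec2=godmode/massive/massive_operations&tab=massive_users" "Mozilla/5.0"
10.0.0.5 - - [19/Feb/2022:10:05:44 +0000] "POST /pandora_console/index.php?sec=gmassive&sec2=godmode/massive/massive_operations&tab=massive_users&option=add_profiles HTTP/1.1" 200 5120 "http://attacker.example.test/poc.html" "Mozilla/5.0"
10.0.0.5 - - [19/Feb/2022:10:07:10 +0000] "POST /pandora_console/index.php?sec=gmassive&sec2=godmode/massive/massive_operations&tab=massive_users&option=add_profiles HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [19/Feb/2022:10:08:00 +0000] "GET /pandora_console/index.php?sec=gmassive&sec2=godmode/massive/massive_operations&tab=massive_users HTTP/1.1" 200 900 "http://pandora.example.internal/pandora_console/" "Mozilla/5.0"
"""
```

A Referer can legitimately be absent (strict referrer policies, privacy extensions), so a missing-referer hit is a lead to reconcile against the console's own audit log of profile changes, not proof of forgery on its own.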

We are processing your report and will contact the pandorafms team within 24 hours. 2 years ago
Faisal Fs ⚔️ modified the report 2 years ago
Faisal Fs ⚔️ modified the report 2 years ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md 2 years ago
We have contacted a member of the pandorafms team and are waiting to hear back 2 years ago
We have sent a follow up to the pandorafms team. We will try again in 7 days. 2 years ago
pandorafms/pandorafms maintainer modified the report 2 years ago
Faisal Fs ⚔️
2 years ago

Researcher


Hi, is it supposed to be addressed as low severity?

We have sent a second follow up to the pandorafms team. We will try again in 10 days. 2 years ago
pandorafms/pandorafms maintainer
2 years ago

Maintainer


As an official CNA, we have reserved the following CVE (CVE-2022-26308) and this vulnerability will be fixed in version v761.

We have sent a third and final follow up to the pandorafms team. This report is now considered stale. 2 years ago
Faisal Fs ⚔️ modified the report a year ago
Faisal Fs ⚔️
a year ago

Researcher


Pandora FMS Advisory:
