Improper Authorization in librenms/librenms

Valid

Reported on Feb 13th 2022


Description

LibreNMS v22.1.0 allows users with the normal role/level to interact with the plugin settings, so that such users can take actions such as switching any installed plugin on or off, which is supposed to be accessible to the Administrator only.

Proof of Concept

Affected endpoints:

1. GET http://{HOST}/plugin/settings


Steps to reproduce:

1. Log in as a normal user.

2. Browse to http://{HOST}/plugin/settings

3. We can switch any installed plugin on or off and interact with its settings, such as creating and managing maps for the Weathermap plugin.
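The defect described above is a missing authorization check: the endpoint verifies that a session exists but never checks the user's privilege level before allowing a state change. The following is an added illustration, not LibreNMS's code; the privilege levels (LEVEL_NORMAL, LEVEL_ADMIN), the route table and the handler names are hypothetical. It shows the vulnerable handler beside a hardened one that consults a per-route minimum level, denies unlisted paths by default, leaves the plugin state untouched on denial, and writes an audit log line that a detection rule can key on.

```python
"""Route-level authorization for an admin-only plugin settings page.

Hypothetical example: the privilege levels, route table and handlers are
constructed for this illustration and are not LibreNMS code.
"""
from dataclasses import dataclass
from http import HTTPStatus
import logging

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("authz")

# Hypothetical privilege levels (not LibreNMS's real constants).
LEVEL_NORMAL = 1
LEVEL_ADMIN = 10

# Minimum level each route requires. Constructed for this example; a path
# that is not listed is treated as admin-only (deny by default).
ROUTE_MIN_LEVEL = {
    "/devices": LEVEL_NORMAL,
    "/plugin/settings": LEVEL_ADMIN,
}


@dataclass(frozen=True)
class User:
    name: str
    level: int


def is_authorized(user: User, path: str) -> bool:
    """True only if the user's level meets the route's minimum level."""
    required = ROUTE_MIN_LEVEL.get(path, LEVEL_ADMIN)
    return user.level >= required


def toggle_plugin(plugins: dict, name: str) -> dict:
    """Flip one plugin's enabled flag and return the new plugin state."""
    updated = dict(plugins)
    updated[name] = not updated.get(name, False)
    return updated


def handle_vulnerable(user, path, plugin, plugins):
    """Vulnerable form: only checks that a session exists, never the level,
    so any logged-in user reaches the admin-only action (path is ignored)."""
    if user is None:
        return HTTPStatus.UNAUTHORIZED, plugins
    return HTTPStatus.OK, toggle_plugin(plugins, plugin)


def handle_hardened(user, path, plugin, plugins):
    """Hardened form: authenticate, then authorize against the route table;
    a denied request changes nothing and leaves an audit log line."""
    if user is None:
        return HTTPStatus.UNAUTHORIZED, plugins
    if not is_authorized(user, path):
        log.warning("authz denied user=%s level=%d path=%s",
                    user.name, user.level, path)
        return HTTPStatus.FORBIDDEN, plugins
    return HTTPStatus.OK, toggle_plugin(plugins, plugin)


if __name__ == "__main__":
    # Constructed sample: one installed plugin, one normal user, one admin.
    state = {"weathermap": False}
    normal = User("normal_user", LEVEL_NORMAL)
    admin = User("admin_user", LEVEL_ADMIN)
    for handler in (handle_vulnerable, handle_hardened):
        for who in (normal, admin):
            code, new_state = handler(who, "/plugin/settings", "weathermap", state)
            print(f"{handler.__name__:18s} {who.name:12s} -> {code.value} {new_state}")
```

Running the block shows the normal user flipping the plugin through the vulnerable handler but receiving 403 with unchanged state from the hardened one. The deny-by-default lookup matters as much as the check itself: a new admin page that is forgotten in the route table fails closed rather than open, and the `authz denied` log line gives operators a signal to alert on when a low-privilege account probes administrative endpoints.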

Impact

This vulnerability allows a normal user to modify or perform a system function outside the user's limits.

Timeline

We are processing your report and will contact the librenms team within 24 hours. (3 months ago)
Faisal Fs modified the report. (3 months ago)
We have contacted a member of the librenms team and are waiting to hear back. (3 months ago)
PipoCanaja validated this vulnerability. (3 months ago)
Faisal Fs has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
Neil Lathwood confirmed that a fix has been merged on 95970a. (3 months ago)
The fix bounty has been dropped.