Improper Access Control in librenms/librenms

Valid

Reported on

Feb 12th 2022


Description

Improper Access Control vulnerability in LibreNMS v22.1.0 allows attackers with the normal role/level to interact with port-groups functionality such as create, edit/modify and delete the existing port group. The port-groups functionality fails to enforce policy such that normal users could act outside of their intended permissions which are supposedly accessible by the Administrator only.

Proof of Concept

Affected endpoints:

1 GET http://{HOST}/port-groups - [view all port groups]

2 POST http://{HOST}/port-groups - [create]

3 POST http://{HOST}/port-groups/{port_id} - [edit]

4 DELETE http://{HOST}/port-groups/{port_id} - [delete]

~

Steps to reproduce:

1 Login as normal user.

2 Browse to http://{HOST}/port-groups.

3 We can interact with the port group functionality such as create, edit/modify and delete existing port group.

Impact

This vulnerability is capable of leading to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.

We are processing your report and will contact the librenms team within 24 hours. 3 months ago
Faisal Fs modified the report
3 months ago
Faisal Fs modified the report
3 months ago
We have contacted a member of the librenms team and are waiting to hear back 3 months ago
PipoCanaja validated this vulnerability 3 months ago
Faisal Fs has been awarded the disclosure bounty
The fix bounty is now up for grabs
Neil Lathwood confirmed that a fix has been merged on 95970a 3 months ago
The fix bounty has been dropped
form.blade.php#L4-L12 has been validated
to join this conversation