Exposure of Sensitive Information to an Unauthorized Actor in librenms/librenms

Valid

Reported on

Feb 13th 2022


LibreNMS v22.1.0 allows users with the normal role/level to view/access the alert transport details. The alert transport may expose sensitive information to an actor that is not explicitly authorized to have access to that information which are supposedly accessible by the Administrator only.

Proof of Concept

Affected endpoints:

1 GET http://{HOST}/alert-transports

~

Steps to reproduce:

1 Login as normal user.

2 Browse to http://{HOST}/alert-transports

3 We can view/access the alert transport information in details such as Transport Name, host IP, Transport Type, Personal Access Token, API Token etc.

~

PoC image:

Impact

This vulnerability is capable of leading to unauthorized sensitive information disclosure of relevant parties.

We are processing your report and will contact the librenms team within 24 hours. 2 years ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 2 years ago
Faisal Fs ⚔️ modified the report
2 years ago
Faisal Fs ⚔️ modified the report
2 years ago
Faisal Fs ⚔️ modified the report
2 years ago
We have contacted a member of the librenms team and are waiting to hear back 2 years ago
PipoCanaja validated this vulnerability 2 years ago
faisalfs10x has been awarded the disclosure bounty
The fix bounty is now up for grabs
Neil Lathwood marked this as fixed in 22.2.0 with commit 95970a 2 years ago
The fix bounty has been dropped
to join this conversation