CVE-2023-26032 - Vulnerability Details - OpenCVE

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zoneminder	Zoneminder

Configuration 1 [-]

OR	cpe:2.3:a:zoneminder:zoneminder::::::::
	cpe:2.3:a:zoneminder:zoneminder::::::::

No data.

References

Link	Providers
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-02-25T00:55:28.807Z

Updated: 2024-08-02T11:39:06.600Z

Reserved: 2023-02-17T22:44:03.147Z

Link: CVE-2023-26032

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-25T01:15:56.760

Modified: 2024-11-21T07:50:37.510

Link: CVE-2023-26032

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-26032", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-02-17T22:44:03.147Z", "datePublished": "2023-02-25T00:55:28.807Z", "dateUpdated": "2024-08-02T11:39:06.600Z"}, "containers": {"cna": {"title": "ZoneMinder contains SQL injection via malicious Jason Web Token", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9"}], "affected": [{"vendor": "ZoneMinder", "product": "zoneminder", "versions": [{"version": "< 1.36.33", "status": "affected"}, {"version": ">= 1.37.0, < 1.37.33", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-25T00:55:28.807Z"}, "descriptions": [{"lang": "en", "value": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33."}], "source": {"advisory": "GHSA-6c72-q9mw-mwx9", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:39:06.600Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A5EDFC-FCEB-4982-A3D1-C95814646A27", "versionEndExcluding": "1.36.33", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1AF3896-BC5B-4FB6-842D-29B621F987E4", "versionEndExcluding": "1.37.33", "versionStartIncluding": "1.37.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33."}, {"lang": "es", "value": "ZoneMinder es una aplicaci\u00f3n de software de circuito cerrado de televisi\u00f3n de c\u00f3digo abierto y gratuita para Linux que admite c\u00e1maras IP, USB y anal\u00f3gicas. Las versiones anteriores a la 1.36.33 y 1.37.33 contienen inyecci\u00f3n SQL mediante un token web jason malicioso. Se confiaba en el campo Username del token JWT al realizar una consulta SQL para cargar el usuario. Si un atacante pudiera determinar la clave HASH utilizada por ZoneMinder, podr\u00eda generar un token JWT malicioso y usarlo para ejecutar SQL arbitrario. Este problema se solucion\u00f3 en las versiones 1.36.33 y 1.37.33."}], "id": "CVE-2023-26032", "lastModified": "2024-11-21T07:50:37.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-25T01:15:56.760", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}