CVE-2023-51388 - Vulnerability Details - OpenCVE

Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Hertzbeat

Configuration 1 [-]

cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2
https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj

History

Thu, 16 Jan 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache hertzbeat
CPEs		cpe:2.3:a:apache:hertzbeat::::::::
Vendors & Products		Apache Apache hertzbeat

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-22T15:53:46.458Z

Updated: 2024-08-14T19:09:04.986Z

Reserved: 2023-12-18T19:35:29.003Z

Link: CVE-2023-51388

Vulnrichment

Updated: 2024-08-02T22:32:09.231Z

NVD

Status : Analyzed

Published: 2024-02-22T16:15:53.413

Modified: 2025-01-16T19:11:41.830

Link: CVE-2023-51388

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-51388", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-18T19:35:29.003Z", "datePublished": "2024-02-22T15:53:46.458Z", "dateUpdated": "2024-08-14T19:09:04.986Z"}, "containers": {"cna": {"title": "HertzBeat AviatorScript Inject RCE", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj"}, {"name": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", "tags": ["x_refsource_MISC"], "url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2"}], "affected": [{"vendor": "dromara", "product": "hertzbeat", "versions": [{"version": "< 1.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-22T15:53:46.458Z"}, "descriptions": [{"lang": "en", "value": "Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this vulnerability."}], "source": {"advisory": "GHSA-mcqg-gqxr-hqgj", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:09.231Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj"}, {"name": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2"}]}, {"affected": [{"vendor": "dromara", "product": "hertzbeat", "cpes": ["cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.4.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T19:08:29.282771Z", "id": "CVE-2023-51388", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T19:09:04.986Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj", "name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", "name": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:09.231Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-51388", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-14T19:08:29.282771Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:*"], "vendor": "dromara", "product": "hertzbeat", "versions": [{"status": "affected", "version": "0", "lessThan": "1.4.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T19:09:00.487Z"}}], "cna": {"title": "HertzBeat AviatorScript Inject RCE", "source": {"advisory": "GHSA-mcqg-gqxr-hqgj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "dromara", "product": "hertzbeat", "versions": [{"status": "affected", "version": "< 1.4.1"}]}], "references": [{"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj", "name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", "name": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-22T15:53:46.458Z"}}}, "cveMetadata": {"cveId": "CVE-2023-51388", "state": "PUBLISHED", "dateUpdated": "2024-08-14T19:09:04.986Z", "dateReserved": "2023-12-18T19:35:29.003Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-02-22T15:53:46.458Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B4E8400-424B-4FCB-81C8-5D559B146130", "versionEndExcluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this vulnerability."}, {"lang": "es", "value": "Hertzbeat es un sistema de monitorizaci\u00f3n en tiempo real. En `CalculateAlarm.java`, `AviatorEvaluator` se usa para ejecutar directamente la funci\u00f3n de expresi\u00f3n y no se configura ninguna pol\u00edtica de seguridad, lo que da como resultado la inyecci\u00f3n de script AviatorScript (que puede ejecutar cualquier m\u00e9todo est\u00e1tico de forma predeterminada). La versi\u00f3n 1.4.1 corrige esta vulnerabilidad."}], "id": "CVE-2023-51388", "lastModified": "2025-01-16T19:11:41.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-22T16:15:53.413", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}