CVE-2024-21623 - Vulnerability Details - OpenCVE

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "`Analysis - SonarCloud`" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Mehah	Otclient

Configuration 1 [-]

cpe:2.3:a:mehah:otclient:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104
https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254
https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
https://securitylab.github.com/research/github-actions-untrusted-input/

History

Thu, 14 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-02T20:29:14.163Z

Updated: 2024-11-14T19:11:03.581Z

Reserved: 2023-12-29T03:00:44.953Z

Link: CVE-2024-21623

Vulnrichment

Updated: 2024-08-01T22:27:35.824Z

NVD

Status : Modified

Published: 2024-01-02T21:15:10.250

Modified: 2024-11-21T08:54:44.770

Link: CVE-2024-21623

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21623", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-29T03:00:44.953Z", "datePublished": "2024-01-02T20:29:14.163Z", "dateUpdated": "2024-11-14T19:11:03.581Z"}, "containers": {"cna": {"title": "Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589"}, {"name": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254", "tags": ["x_refsource_MISC"], "url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254"}, {"name": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104", "tags": ["x_refsource_MISC"], "url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104"}, {"name": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/", "tags": ["x_refsource_MISC"], "url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/"}, {"name": "https://securitylab.github.com/research/github-actions-untrusted-input/", "tags": ["x_refsource_MISC"], "url": "https://securitylab.github.com/research/github-actions-untrusted-input/"}], "affected": [{"vendor": "mehah", "product": "otclient", "versions": [{"version": "< db560de0b56476c87a2f967466407939196dd254", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-02T20:29:14.163Z"}, "descriptions": [{"lang": "en", "value": "OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient \"`Analysis - SonarCloud`\" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue."}], "source": {"advisory": "GHSA-q6gr-wc79-v589", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:35.824Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589"}, {"name": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254"}, {"name": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104"}, {"name": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/"}, {"name": "https://securitylab.github.com/research/github-actions-untrusted-input/", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://securitylab.github.com/research/github-actions-untrusted-input/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-16T16:45:09.041911Z", "id": "CVE-2024-21623", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T19:11:03.581Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589", "name": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254", "name": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104", "name": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/", "name": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://securitylab.github.com/research/github-actions-untrusted-input/", "name": "https://securitylab.github.com/research/github-actions-untrusted-input/", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:35.824Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21623", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-16T16:45:09.041911Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T19:10:57.805Z"}}], "cna": {"title": "Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets", "source": {"advisory": "GHSA-q6gr-wc79-v589", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "mehah", "product": "otclient", "versions": [{"status": "affected", "version": "< db560de0b56476c87a2f967466407939196dd254"}]}], "references": [{"url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589", "name": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254", "name": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104", "name": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104", "tags": ["x_refsource_MISC"]}, {"url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/", "name": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/", "tags": ["x_refsource_MISC"]}, {"url": "https://securitylab.github.com/research/github-actions-untrusted-input/", "name": "https://securitylab.github.com/research/github-actions-untrusted-input/", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient \"`Analysis - SonarCloud`\" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-02T20:29:14.163Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21623", "state": "PUBLISHED", "dateUpdated": "2024-11-14T19:11:03.581Z", "dateReserved": "2023-12-29T03:00:44.953Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-02T20:29:14.163Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mehah:otclient:*:*:*:*:*:*:*:*", "matchCriteriaId": "60A3865E-2453-4A5A-9685-34494CC8BCD1", "versionEndExcluding": "2023-12-30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient \"`Analysis - SonarCloud`\" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue."}, {"lang": "es", "value": "OTCLient es un cliente de tibia alternativo para otserv. Antes del commit db560de0b56476c87a2f967466407939196dd254, el workflow /mehah/otclient \"`Analysis - SonarCloud`\" es vulnerable a una inyecci\u00f3n de expresi\u00f3n en Actions, lo que permite a un atacante ejecutar comandos de forma remota en el ejecutor, filtrar secretos y alterar el repositorio utilizando este workflow. El commit db560de0b56476c87a2f967466407939196dd254 contiene una soluci\u00f3n para este problema."}], "id": "CVE-2024-21623", "lastModified": "2024-11-21T08:54:44.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-02T21:15:10.250", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/research/github-actions-untrusted-input/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/research/github-actions-untrusted-input/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}