CVE-2024-42167 - Vulnerability Details - OpenCVE

The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fiware	Keyrock

Configuration 1 [-]

cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories

History

Mon, 12 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fiware Fiware keyrock
CPEs		cpe:2.3:a:fiware:keyrock::::::::
Vendors & Products		Fiware Fiware keyrock
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 12 Aug 2024 12:00:00 +0000

Type	Values Removed	Values Added
Description		The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname.
Title		Command Injection in Organisationname
Weaknesses		CWE-78
References		https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CyberDanube

Published: 2024-08-12T11:38:35.988Z

Updated: 2024-08-12T14:20:39.285Z

Reserved: 2024-07-29T20:49:58.925Z

Link: CVE-2024-42167

Vulnrichment

Updated: 2024-08-12T14:20:26.819Z

NVD

Status : Analyzed

Published: 2024-08-12T13:38:33.583

Modified: 2024-08-29T15:24:12.060

Link: CVE-2024-42167

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42167", "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc", "state": "PUBLISHED", "assignerShortName": "CyberDanube", "dateReserved": "2024-07-29T20:49:58.925Z", "datePublished": "2024-08-12T11:38:35.988Z", "dateUpdated": "2024-08-12T14:20:39.285Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FIWARE Keyrock", "vendor": "FIWARE", "versions": [{"lessThanOrEqual": "8.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The function \"generate_app_certificates\" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname."}], "value": "The function \"generate_app_certificates\" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4\u00a0does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc", "shortName": "CyberDanube", "dateUpdated": "2024-08-12T11:38:35.988Z"}, "references": [{"url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"}], "source": {"discovery": "EXTERNAL"}, "title": "Command Injection in Organisationname", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "fiware", "product": "keyrock", "cpes": ["cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "8.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-12T14:02:57.512640Z", "id": "CVE-2024-42167", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T14:20:39.285Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42167", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-12T14:02:57.512640Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*"], "vendor": "fiware", "product": "keyrock", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T14:20:26.819Z"}}], "cna": {"title": "Command Injection in Organisationname", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "FIWARE", "product": "FIWARE Keyrock", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The function \"generate_app_certificates\" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4\u00a0does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname.", "supportingMedia": [{"type": "text/html", "value": "The function \"generate_app_certificates\" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc", "shortName": "CyberDanube", "dateUpdated": "2024-08-12T11:38:35.988Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42167", "state": "PUBLISHED", "dateUpdated": "2024-08-12T14:20:39.285Z", "dateReserved": "2024-07-29T20:49:58.925Z", "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc", "datePublished": "2024-08-12T11:38:35.988Z", "assignerShortName": "CyberDanube"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D17A7A9-D306-4797-87E7-DCF904D86D27", "versionEndIncluding": "8.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The function \"generate_app_certificates\" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4\u00a0does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname."}, {"lang": "es", "value": "La funci\u00f3n \"generate_app_certificates\" en controladores/saml2/saml2.js de FIWARE Keyrock <= 8.4 no neutraliza correctamente los elementos especiales utilizados en un comando del sistema operativo. Esto permite a un usuario autenticado con permisos crear aplicaciones para ejecutar comandos mediante la creaci\u00f3n de una aplicaci\u00f3n con un nombre de organizaci\u00f3n malicioso."}], "id": "CVE-2024-42167", "lastModified": "2024-08-29T15:24:12.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "office@cyberdanube.com", "type": "Secondary"}]}, "published": "2024-08-12T13:38:33.583", "references": [{"source": "office@cyberdanube.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"}], "sourceIdentifier": "office@cyberdanube.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "office@cyberdanube.com", "type": "Secondary"}]}