fkie_cve-2023-38880
Vulnerability from fkie_nvd
Published: 2023-11-20 19:15
Modified: 2024-11-21 08:14
Summary
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*", "matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Community Edition version 9.0 of OS4ED\u0027s openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of \"opensisBackup\u003cdate\u003e.sql\" (e.g. \"opensisBackup07-20-2023.sql\"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes." }, { "lang": "es", "value": "La versi\u00f3n Community Edition 9.0 de openSIS Classic de OS4ED tiene una vulnerabilidad de control de acceso rota en la funcionalidad de copia de seguridad de la base de datos. Siempre que un administrador genera una copia de seguridad de la base de datos, la copia de seguridad se almacena en la ra\u00edz web mientras el nombre del archivo tiene el formato \"opensisBackup.sq|\" (p. ej., \"opensisBackup07-20-2023.sql\"), es decir, se puede adivinar f\u00e1cilmente. Cualquier actor no autenticado puede acceder a este archivo y contiene un volcado de toda la base de datos, incluidos los hashes de contrase\u00f1as." 
} ], "id": "CVE-2023-38880", "lastModified": "2024-11-21T08:14:21.227", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-20T19:15:08.600", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://github.com/OS4ED/openSIS-Classic" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.os4ed.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://github.com/OS4ED/openSIS-Classic" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.os4ed.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.