February 2023 Web Application Vulnerabilities Released
The Qualys Web Application Scanning (WAS) team recently issued an important update to its security signatures, designed to detect vulnerabilities in several popular software applications including WordPress, Control Web Panel 7 (CWP7), Grafana, Underscore.js, Atlassian Jira Server, dotCMS, and Joomla. These vulnerabilities, if left unpatched, can pose significant security threats such as data breaches, unauthorized access, and other malicious activities. To safeguard their networks and systems, organizations must conduct a thorough security review and promptly address any potential vulnerabilities.
| QID | Title |
|---|---|
| 150642 | Control Web Panel 7 (CWP7) Unauthenticated Remote Code Execution (RCE) Vulnerability (CVE-2022-44877) |
| 150643 | Atlassian Jira Server and Data Center Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-26135) |
| 150644 | Grafana Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2022-23552) |
| 150645 | Grafana Spoofing originalUrl of snapshots Vulnerability (CVE-2022-39324) |
| 150646 | WordPress Booster for WooCommerce Plugin: Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-4017) |
| 150647 | dotCMS Authenticated Directory Traversal Vulnerability (CVE-2022-45783) |
| 150648 | dotCMS Denial of Service (DoS) Vulnerability (CVE-2022-37034) |
| 150649 | dotCMS Server-Side Request Forgery Vulnerability (CVE-2022-37033) |
| 150650 | Grafana Sensitive Information Disclosure Vulnerability (CVE-2022-23498) |
| 150651 | Joomla! Core Webservice Endpoints Improper Access Control Vulnerability (CVE-2023-23752) |
| 150652 | WordPress Clean Login Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2022-4838) |
| 154130 | Joomla! Core Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-23750) |
| 154131 | Joomla! Core Incorrect Access Control Vulnerability (CVE-2023-23751) |
QID 150642: Control Web Panel 7 (CWP7) Unauthenticated Remote Code Execution (RCE) Vulnerability (CVE-2022-44877)
Affected Versions: Control Web Panel versions prior to 0.9.8.1147
Control Web Panel (CWP or CentOS Web Panel) is a free and user-friendly control panel for Linux servers and VPS software.
However, on January 3, 2023, a security researcher disclosed CVE-2022-44877, an unauthenticated remote code execution vulnerability in CWP that attackers could exploit to execute malicious commands on targeted systems. The vulnerability, fixed in an October 2022 release of CWP, results from operating system command injection via shell metacharacters in the “login” parameter of the “/login/index.php” endpoint.
It is highly recommended that customers update to Control Web Panel version 0.9.8.1147 or later to remediate this vulnerability. For more information on this issue, please refer to the CWP changelog.
QID 150643: Atlassian Jira Server and Data Center Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-26135)
Affected Versions:
- Versions after 8.0 and before 8.13.22
- 8.20.x before 8.20.10
- 8.22.x before 8.22.4
Atlassian’s Jira is a proprietary issue-tracking product that offers essential functions such as bug and project management. However, a full-read server-side request forgery vulnerability exists in Jira’s Mobile Plugin, which is bundled with Jira and Jira Service Management. Any authenticated user, including those who have signed up, can exploit this vulnerability, which specifically affects the batch HTTP endpoint.
If exploited, remote attackers can gain access to sensitive data within the local network or send malicious requests to other servers from the compromised system. To mitigate this risk, customers are advised to upgrade to the latest version of Atlassian Jira Server and Data Center. For more information, refer to Atlassian Jira Security Advisory.
QID 150644: Grafana Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2022-23552)
Affected Versions:
- Grafana versions from 8.1.0 to 8.5.16
- Grafana versions from 9.0.0 to 9.2.10
- Grafana versions from 9.3.0 to 9.3.4
To remediate this vulnerability, customers are advised to upgrade their Grafana installations to a later version. For more information on this vulnerability, please refer to the GitHub Advisory.
QID 150645: Grafana Spoofing originalUrl of snapshots Vulnerability (CVE-2022-39324)
Affected Versions: Grafana prior to versions 8.5.16 and 9.2.8
To remediate this vulnerability, customers are advised to upgrade to a later version of Grafana. For more information, refer to the GitHub Advisory.
QID 150646: WordPress Booster for WooCommerce Plugin: Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-4017)
Affected Versions: The Booster for WooCommerce WordPress plugin before 6.0.1
It is recommended that customers upgrade to Booster for WooCommerce 6.0.1 or later to address this vulnerability. For more information, please refer to the WPScan Security Advisory.
QID 150647: dotCMS Authenticated Directory Traversal Vulnerability (CVE-2022-45783)
Affected Versions: dotCMS versions 22.10.1 and below
dotCMS is a Java-based open source content management system designed to manage content and content-driven sites and applications. An authenticated directory traversal vulnerability in the dotCMS API can lead to remote code execution (RCE). The flaw is due to the acceptance and extraction of a zip file at the “/api/integrity/_fixconflictsfromremote” endpoint without adequate path traversal checks. An attacker can exploit this by sending a specially crafted zip file containing directory traversal characters in the file names, enabling them to extract the contents at an arbitrary path within the system. Admin-level privileges are required to exploit this vulnerability. Successful exploitation may allow a remote attacker to execute arbitrary code on the target system, potentially leading to a full compromise.
Customers are strongly advised to upgrade to the latest version of dotCMS to address this vulnerability. For additional information on this issue, please consult the SI-67 advisory.
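The missing check described above, as an added example written for this page in Python rather than dotCMS's own Java code: every archive entry's resolved path is verified to stay inside the destination directory before anything is written, and the whole archive is rejected otherwise. The archives are constructed in memory; `safe_extract`, `build_archive` and `demo` are names chosen here, not dotCMS API.

```python
import io
import tempfile
import zipfile
from pathlib import Path


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract an archive into dest_dir, rejecting the whole archive if any
    entry's resolved path would land outside dest_dir (zip slip)."""
    dest = Path(dest_dir).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        targets = []
        # Validate every entry before writing anything: a bad archive is
        # rejected as a whole, never partially extracted.
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            target = (dest / name).resolve()  # collapses '..' and absolute names
            # The resolved path must be dest itself or a descendant of it.
            if target != dest and dest not in target.parents:
                raise ValueError(f"path traversal in archive entry: {name!r}")
            targets.append((info, target))
        written = []
        for info, target in targets:
            if not info.is_dir():
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))
                written.append(str(target))
    return written


def build_archive(entries: dict) -> bytes:
    """Build an in-memory zip from {entry_name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """Run a benign archive and a traversal-bearing one through safe_extract."""
    with tempfile.TemporaryDirectory() as d:
        good = build_archive({"site/index.html": b"<h1>ok</h1>", "site/a.css": b"body{}"})
        extracted = len(safe_extract(good, d))
        bad = build_archive({"site/ok.txt": b"x", "../../escape.txt": b"outside"})
        try:
            safe_extract(bad, d)
            rejected = False
        except ValueError:
            rejected = True
        partial = (Path(d) / "site" / "ok.txt").exists()
    return {"extracted": extracted, "rejected": rejected, "partial_write": partial}
```

Note that `zipfile.ZipFile.extractall` also strips traversal components, but an application that reads entries and writes them itself (as the affected endpoint does) must perform this check explicitly.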
QID 150648: dotCMS Denial of Service (DoS) Vulnerability (CVE-2022-37034)
Affected Versions: dotCMS versions from 5.2.0 to 22.10
dotCMS is a popular open-source content management system that is widely used for managing content and content-driven websites and applications. However, a vulnerability has been discovered that could result in a denial of service attack. The vulnerability is caused by the repeated invocation of the TempFileResource, which can cause the dotCMS server to download a large file each time. This can lead to the exhaustion of the Tomcat Request Thread pool, resulting in a denial of service for all other requests.
To mitigate this risk, dotCMS users are strongly recommended to upgrade to the latest version of the software. Doing so will eliminate the vulnerability and ensure that the dotCMS platform is protected against this type of attack.
For more information on this issue and how to protect your dotCMS instance, please refer to SI-65.
QID 150649: dotCMS Server-Side Request Forgery Vulnerability (CVE-2022-37033)
Affected Versions: dotCMS versions from 5.2.0 to 22.06
dotCMS is a popular open source content management system that allows users to manage content and content-driven applications. Recently, a vulnerability was discovered in the dotCMS TempFileAPI that could potentially allow remote attackers to send malicious HTTP requests and cause the web server to initiate requests to arbitrary systems.
The issue occurs due to the TempFileAPI’s ability to create temporary files based on a specified URL. Although dotCMS tries to prevent access to URLs containing local IP addresses or private subnets, the TempFileAPI will follow any 302 redirects returned by the remote URL. Attackers can exploit this by creating a URL that returns a 302 redirect to a local resource, such as https://elasticsearch:9200, which dotCMS will attempt to retrieve without re-validating the redirect URL. This can result in the TempFileAPI returning data from local/private IPs that should not be accessible remotely.
If exploited successfully, the vulnerability could allow remote attackers to send malicious HTTP requests, causing the web server to initiate requests to arbitrary systems. As a result, customers are recommended to upgrade to the latest version of dotCMS to remediate this vulnerability.
For further information regarding this issue, please refer to SI-64. It is crucial for organizations to stay up to date with the latest security patches and upgrades to ensure that their systems remain secure and protected against potential threats.
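The redirect gap described above, as an added Python example that is not dotCMS code: the fetcher follows redirects itself and re-validates the target of every hop against non-public address ranges, which is the check the affected TempFileAPI skipped after the first URL. The `fetch(url)` and `resolve(host)` callables are hypothetical interfaces, and the DNS entries and responses are constructed so the example runs offline.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def is_public_address(ip: str) -> bool:
    """True only for addresses a server should be allowed to fetch from."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_url(url: str, resolve) -> None:
    """Reject non-http(s) URLs and hosts that resolve to non-public addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported or malformed URL: {url}")
    ip = resolve(parts.hostname)
    if not is_public_address(ip):
        raise ValueError(f"{url} resolves to non-public address {ip}")


def fetch_remote_file(url: str, fetch, resolve, max_redirects: int = 5) -> bytes:
    """Fetch url, following redirects manually so that EVERY hop is validated.
    Validating only the first URL and auto-following a 302 is the gap described
    for the affected TempFileAPI. fetch/resolve are injected (hypothetical)."""
    current = url
    for _ in range(max_redirects + 1):
        validate_url(current, resolve)
        status, headers, body = fetch(current)
        if status not in REDIRECT_STATUSES:
            return body
        location = headers.get("Location")
        if not location:
            raise ValueError("redirect without Location header")
        current = urljoin(current, location)  # re-validated on the next pass
    raise ValueError("too many redirects")


# Constructed offline stand-ins: a public file host and an internal service.
FAKE_DNS = {"files.example.com": "23.45.67.89", "elasticsearch": "10.0.0.5"}
FAKE_RESPONSES = {
    "https://files.example.com/report.pdf": (200, {}, b"%PDF-1.4 report"),
    "https://files.example.com/go": (302, {"Location": "https://elasticsearch:9200/"}, b""),
    "https://elasticsearch:9200/": (200, {}, b'{"cluster_name": "internal"}'),
}
fake_resolve = FAKE_DNS.__getitem__
fake_fetch = FAKE_RESPONSES.__getitem__
```

Resolving the hostname once and then connecting to that same address (rather than letting the HTTP client resolve it again) also closes the DNS rebinding variant of the same problem.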
QID 150650: Grafana Sensitive Information Disclosure Vulnerability (CVE-2022-23498)
Affected Versions:
- Grafana versions from 8.3.1 to 9.2.7
- Grafana versions from 9.3.0 to 9.3.2
Grafana is an open-source platform that provides real-time analytics, monitoring, and interactive visualizations for various data sources. Its datasource query caching feature, which caches all headers including session cookie rotation headers, creates a security vulnerability. A malicious actor could potentially receive the cached session cookie of another user, if the first response to a datasource query contained a session cookie rotation header. This vulnerability could allow an unauthorized attacker to gain access to sensitive information. It is recommended that users upgrade to the latest version of Grafana to mitigate this vulnerability.
QID 150651: Joomla! Core Webservice Endpoints Improper Access Control Vulnerability (CVE-2023-23752)
Affected Versions: Joomla! versions 4.0.0 to 4.2.7
Joomla, a popular content management system (CMS), has recently been found to have a serious security vulnerability that could compromise the web application. The vulnerability exists due to improper access restrictions on web service endpoints: unauthenticated attackers can reach the REST API interface by sending specially crafted requests and obtain sensitive information about Joomla’s configuration.
It is recommended that all users of Joomla upgrade to the latest version, 4.2.8, to mitigate the risks associated with this vulnerability. This is particularly important for those who run their website on Joomla, as the vulnerability can have serious consequences for their business operations. The security community has warned that the PoC and details of the vulnerability have been made public, and attackers are likely to exploit it on unpatched systems. Joomla users should therefore take protective measures as soon as possible.
QID 150652: WordPress Clean Login Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2022-4838)
Affected Versions: The Clean Login WordPress plugin before 1.13.7
To protect against this vulnerability, users are advised to upgrade to Clean Login version 1.13.7 or later. For more information on this vulnerability and how to remediate it, please refer to the WPScan Security Advisory.
Underscore.js
Affected Versions:
- underscore from 1.13.0-0 and before 1.13.0-2
- underscore from 1.3.2 and before 1.12.1
QID 154130: Joomla! Core Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-23750)
Affected Versions: Joomla CMS versions 4.0.0 to 4.2.6
To protect your website, it is crucial that you install the latest version of Joomla, which contains the security updates that address this vulnerability. For more information on this issue and how to update your Joomla installation, please refer to the official Joomla security advisory.
QID 154131: Joomla! Core Incorrect Access Control Vulnerability (CVE-2023-23751)
Affected Versions: Joomla! CMS versions 4.0.0 to 4.2.6
Joomla! is a widely used open-source content management system for building websites. A vulnerability in the affected versions could allow unauthorized users to access sensitive information. The issue stems from a missing ACL check, which allows non-super-admin users to access com_actionlogs. If successfully exploited, attackers can use this access to obtain sensitive information and carry out further attacks.
To remediate this vulnerability, customers are advised to install the latest version of Joomla. For more information, please refer to the Joomla security advisory.
As with any software, it is important to keep Joomla up to date with the latest security patches to ensure the safety of your website and its visitors. Stay vigilant and keep your website protected from potential threats.