April 2023 Web Application Vulnerabilities Released
The Qualys Web Application Scanning (WAS) team has released a crucial update to its security signatures, which now includes detection for vulnerabilities in several widely used software applications like Webmin, GeoServer, Grafana, WordPress, WebDav, Oracle WebLogic Server and Atlassian Jira Server. If left unaddressed, these vulnerabilities could lead to serious security risks such as data breaches, unauthorized access, and other malicious activities. It is essential for organizations to perform a comprehensive security review and address any potential vulnerabilities to ensure the safety and security of their networks and systems.
QID | Title
---|---
150666 | Webmin Cross-Site Scripting (XSS) Vulnerability (CVE-2022-36880)
150667 | GeoServer JAI-EXT Remote Code Execution (RCE) Vulnerability (CVE-2022-24816)
150668 | Grafana Stored Cross Site Scripting Vulnerability (CVE-2023-1410)
150669 | WordPress Shopping Cart and eCommerce Store Plugin: Local File Inclusion Vulnerability (CVE-2023-1124)
150670 | WordPress User Role by BestWebSoft Plugin: Cross-Site Request Forgery (CSRF) vulnerability (CVE-2023-0820)
150671 | WordPress WP Fastest Cache Plugin: Prior to 1.1.2 Multiple Security Vulnerabilities
150672 | WebDAV Detected
150673 | GeoServer OGC Filter SQL Injection Vulnerability (CVE-2023-25157)
150674 | Atlassian Jira Unauthorized Access to Installed Gadgets
150676 | Oracle WebLogic Server Multiple Vulnerabilities (APR-2023)
150677 | Atlassian Jira Unauthorized Access to Dashboards
150678 | Atlassian Jira Unauthorized Access to Admin Projects
154133 | WordPress Multiple Vulnerabilities: Security Release 6.0.2
154134 | WordPress Multiple Vulnerabilities: Security Release 6.0.3
QID 150666: Webmin Cross-Site Scripting (XSS) Vulnerability (CVE-2022-36880)
CVE-ID | CVE-2022-36880 |
Severity | Level 3 |
CVSS 3.1 | 6.1 |
CWE-ID | 79 |
Affected Versions | Webmin versions prior to 1.995 |
Description:
Webmin is a web-based server management control panel for Unix-like systems. A cross-site scripting (XSS) vulnerability exists in the HTTP Tunnel module of Webmin version 1.995 and below. If a less-privileged Webmin user is given permission to edit the configuration of the HTTP Tunnel module, they could use it to introduce script content that captures cookies belonging to other Webmin users of the module. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or to access sensitive, browser-based information.
Customers are advised to upgrade to the latest version of Webmin to remediate this vulnerability.
QID 150667: GeoServer JAI-EXT Remote Code Execution (RCE) Vulnerability (CVE-2022-24816)
CVE-ID | CVE-2022-24816 |
Severity | Level 5 |
CVSS 3.1 | 9.8 |
CWE-ID | 94 |
Affected Versions | GeoServer prior to version 1.1.22 |
Description:
GeoServer is an open-source server for sharing geospatial data which comes with JAI-EXT API. A vulnerability has been found in Jiffle, a map algebra language provided by JAI-EXT that allows efficiently executing map algebra over large images. The vulnerability allows a code injection to be performed by properly crafting a Jiffle invocation. In the case of GeoServer, the injection can be performed from a remote request. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
Customers are advised to upgrade to the latest version of GeoServer to remediate this vulnerability. For more information, please refer to the GitHub Security Advisory.
QID 150668: Grafana Stored Cross Site Scripting Vulnerability (CVE-2023-1410)
CVE-ID | CVE-2023-1410 |
Severity | Level 3 |
CVSS 3.1 | 4.8 |
CWE-ID | 79 |
Affected Versions | Grafana versions from 8.1.0 to 8.5.21; Grafana versions from 9.0.0 to 9.2.14; Grafana versions from 9.3.0 to 9.3.10 |
Description:
Grafana is an open-source platform for monitoring and observability that provides charts, graphs, and alerts for the web when connected to supported data sources. A stored XSS vulnerability was found in the Graphite FunctionDescription tooltip, because the value of the function description was not properly sanitized. To exploit it, an attacker needs control over the Graphite data source in order to manipulate a function description, a Grafana admin needs to configure that data source, and a Grafana user later needs to select the tampered function and hover over its description. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or to access sensitive, browser-based information.
Customers are advised to upgrade Grafana to the latest version to remediate this vulnerability. For more information regarding this vulnerability, please refer to the Grafana advisory.
QID 150669: WordPress Shopping Cart and eCommerce Store Plugin: Local File Inclusion Vulnerability (CVE-2023-1124)
CVE-ID | CVE-2023-1124 |
Severity | Level 4 |
CVSS 3.1 | 7.2 |
CWE-ID | 22 |
Affected Versions | Shopping Cart and eCommerce Store prior to 5.4.3 |
Description:
The WordPress Shopping Cart plugin is a WordPress plugin that will automatically create 3 new pages in WordPress for the store, cart, and account. This plugin contains a vulnerability that could allow authenticated users with admin privileges to perform Local File Inclusion (LFI) attacks by exploiting the lack of HTTP request validation. Successful exploitation of the vulnerability may allow remote attackers to read sensitive files on the target server.
Customers are advised to upgrade to Shopping Cart 5.4.3 or a later version to remediate this vulnerability.
QID 150670: WordPress User Role by BestWebSoft Plugin: Cross-Site Request Forgery (CSRF) vulnerability (CVE-2023-0820)
CVE-ID | CVE-2023-0820 |
Severity | Level 4 |
CVSS 3.1 | 8.8 |
CWE-ID | 352 |
Affected Versions | User Role plugin prior to 1.6.7 |
Description:
User Role is a WordPress plugin that makes it easy to manage the role capabilities of a WordPress website. According to a vulnerability report by Patchstack, the plugin lacks proper Cross-Site Request Forgery (CSRF) protection in requests that update role capabilities, allowing an attacker to escalate their privileges to any role on the site. An authenticated attacker could potentially gain access to sensitive data or perform unauthorized actions on the site. Customers are advised to upgrade to User Role 1.6.7 or a later version to remediate this vulnerability.
QID 150671: WordPress WP Fastest Cache Plugin: Prior to 1.1.2 Multiple Security Vulnerabilities
CVE-ID | CVE-2023-1918, CVE-2023-1919, CVE-2023-1920, CVE-2023-1921, CVE-2023-1922, CVE-2023-1923, CVE-2023-1924, CVE-2023-1925, CVE-2023-1926, CVE-2023-1927, CVE-2023-1928, CVE-2023-1929, CVE-2023-1930, CVE-2023-1931 |
Severity | Level 4 |
CVSS 3.1 | 4.3 |
CWE-ID | 352, 862 |
Affected Versions | WP Fastest Cache versions up to and including 1.1.2 |
Description:
WP Fastest Cache is a popular WordPress plugin that helps optimize website performance by caching pages and minimizing load times. However, the plugin has been found to contain multiple vulnerabilities, including several cross-site request forgery (CSRF) issues and missing authorization vulnerabilities.
These vulnerabilities could potentially be exploited by attackers to perform unauthorized actions, such as deleting cache or accessing sensitive information, compromising the security, integrity, and availability of the website.
To mitigate the risks associated with these vulnerabilities, customers are strongly advised to upgrade to the latest version of WP Fastest Cache (1.1.3 or later).
QID 150672: WebDAV Detected
CVE-ID | NA |
Severity | Level 3 |
CVSS 3.1 | 7.3 |
CWE-ID | 434, 815 |
Affected Versions | WebDav |
Description:
WebDAV (Web Distributed Authoring and Versioning) is an HTTP protocol extension that enables users to edit and manage files on a web server. However, enabling WebDAV without proper security measures can lead to significant security risks, including unauthorized access, data modification, or destruction. Attackers can exploit WebDAV for various types of attacks, such as injection attacks, file manipulation, and denial-of-service attacks, among others.
To prevent such vulnerabilities, it is recommended that customers properly configure WebDAV with secure authentication, access controls, and regular monitoring and updates.
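The detection behind this QID amounts to asking a server which methods it advertises and whether it announces WebDAV compliance classes. The following is an added example (not Qualys code) that parses a raw `OPTIONS` response head and reports whether WebDAV is enabled, which compliance classes the `DAV` header lists, and which content-modifying methods are exposed, so an administrator can confirm that a hardened configuration really removed them. The sample responses are constructed; nothing is sent over the network.

```python
"""Assess a WebDAV OPTIONS response for exposure (added example, not Qualys code)."""

# WebDAV methods that let a client create, modify or delete server content.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH", "LOCK", "UNLOCK"}
# Read-only WebDAV methods: their presence still proves the extension is on.
DAV_READ_METHODS = {"PROPFIND"}


def parse_headers(raw_response):
    """Split a raw HTTP/1.1 response head into (status_code, {header: value}).

    Header names are lower-cased; repeated headers are joined with ', '.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return status, headers


def _method_set(value):
    return {m.strip().upper() for m in value.split(",") if m.strip()}


def assess_webdav(raw_response):
    """Return a small report on what the OPTIONS response reveals."""
    status, headers = parse_headers(raw_response)
    dav = headers.get("dav", "")
    # Allow is standard; Public is a legacy header some servers also use.
    allowed = _method_set(headers.get("allow", "")) | _method_set(headers.get("public", ""))
    enabled = bool(dav) or bool(allowed & (WRITE_METHODS | DAV_READ_METHODS) - {"DELETE", "PUT"})
    return {
        "status": status,
        "webdav_enabled": enabled,
        "dav_classes": [c.strip() for c in dav.split(",") if c.strip()],
        "write_methods": sorted(allowed & WRITE_METHODS),
        "auth_required": status == 401,
    }


# Constructed sample responses (not captured from any real host).
SAMPLE_DAV_ENABLED = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 03 Apr 2023 10:00:00 GMT\r\n"
    "Server: Apache\r\n"
    "DAV: 1,2\r\n"
    "Allow: OPTIONS,GET,HEAD,POST,PROPFIND,PROPPATCH,MKCOL,PUT,DELETE,COPY,MOVE,LOCK,UNLOCK\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
SAMPLE_NO_DAV = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: OPTIONS,GET,HEAD,POST\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, sample in (("dav-enabled", SAMPLE_DAV_ENABLED), ("plain", SAMPLE_NO_DAV)):
        print(label, assess_webdav(sample))
```

A server that needs WebDAV for a specific path should, after hardening, show no write methods on paths that do not need them and answer `401` on the paths that do, which this report makes easy to verify.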
QID 150673: GeoServer OGC Filter SQL Injection Vulnerability (CVE-2023-25157)
CVE-ID | CVE-2023-25157 |
Severity | Level 4 |
CVSS 3.1 | 9.8 |
CWE-ID | 89 |
Affected Versions | GeoServer versions prior to version 2.18.7; GeoServer versions from 2.19.0 prior to version 2.18.7; GeoServer versions from 2.20.0 prior to version 2.18.7; GeoServer versions from 2.21.0 prior to version 2.21.4; GeoServer versions from 2.22.0 prior to version 2.21.2 |
Description:
GeoServer is a popular open-source server for sharing and editing geospatial data, written in Java. It provides support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. Additionally, CQL is supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. However, GeoServer’s OGC Filter is susceptible to multiple SQL injection vulnerabilities. If exploited, this vulnerability could allow an attacker to execute arbitrary commands, posing a significant threat to the system’s confidentiality, integrity, and availability.
To address these vulnerabilities, customers are strongly advised to upgrade to the latest version of GeoServer. For further information on this issue, please refer to GeoServer's official advisory.
QID 150674: Atlassian Jira Unauthorized Access to Installed Gadgets
CVE-ID | NA |
Severity | Level 3 |
CVSS 3.1 | 5.3 |
CWE-ID | 284 |
Affected Versions | Atlassian Jira Server |
Description:
Atlassian Jira Server, a popular issue tracking and project management software, has been found to contain a security vulnerability. The flaw allows remote attackers to gain access to installed gadgets via the /rest/config/1.0/directory endpoint. Gadgets are small web applications that provide additional functionality and integration with other systems when installed on Jira dashboards. If exploited, this vulnerability could enable an attacker to obtain sensitive information or perform unauthorized actions through the installed gadgets on Jira Server.
It is recommended that customers block unauthenticated access to the specific URL */rest/config/1.0/directory at the network level to prevent potential attacks. For more information about this vulnerability and remediation steps, please refer to the JRASERVER-72613 advisory.
QID 150676: Oracle WebLogic Server Multiple Vulnerabilities (APR-2023)
CVE-ID | CVE-2023-24998, CVE-2022-40152, CVE-2021-36090, CVE-2023-24998, CVE-2022-45685, CVE-2021-31684, CVE-2023-21996, CVE-2023-21931, CVE-2023-21964, CVE-2023-21979, CVE-2020-25638, CVE-2020-6950, CVE-2023-21956, CVE-2023-21960, CVE-2021-22569, CVE-2022-31160 |
Severity | Level 4 |
CVSS 3.1 | 7.5 |
CWE-ID | 1352 |
Affected Versions | Oracle WebLogic Server, version(s) 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 |
Description:
Oracle WebLogic Server, previously known as BEA WebLogic Server, is a popular platform for enterprises to build and deploy their applications and services. However, recent reports indicate that the Oracle WebLogic Server component in Oracle Fusion Middleware for versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 has been found to have multiple vulnerabilities.
The consequences of exploiting these vulnerabilities are dire. An attacker who successfully exploits these weaknesses can potentially compromise and take control of the entire Oracle WebLogic Server. This can lead to the attacker having access to sensitive information, and disrupting the normal functioning of the enterprise applications and services hosted on the server.
To mitigate these risks, Oracle has released patches for these vulnerabilities. Customers are advised to immediately update their Oracle WebLogic Server installations to the latest patched version. The detailed information about the patches and their installation process can be found in Oracle’s Critical Patch Update (CPUAPR2023).
QID 150677: Atlassian Jira Unauthorized Access to Dashboards
CVE-ID | NA |
Severity | Level 3 |
CVSS 3.1 | 5.3 |
CWE-ID | 284 |
Affected Versions | Atlassian Jira Server |
Description:
Jira is a popular issue-tracking and project-management tool developed by Atlassian. However, a security vulnerability has been identified in Jira Server that allows remote attackers to access dashboards through the /rest/api/2/dashboard endpoint, even without authentication. This could potentially allow an attacker to view sensitive information or perform unauthorized actions.
To mitigate this vulnerability, it is recommended to block unauthenticated access to the affected URL, /rest/api/2/dashboard, at the network level. For more information on this vulnerability, please refer to the official Atlassian Jira Server documentation.
QID 150678: Atlassian Jira Unauthorized Access to Admin Projects
CVE-ID | NA |
Severity | Level 3 |
CVSS 3.1 | 5.3 |
CWE-ID | 284 |
Affected Versions | Atlassian Jira Server |
Description:
Jira is a popular proprietary issue-tracking product developed by Atlassian, offering various functionalities such as bug tracking, issue tracking, and project management. However, Jira Server has a critical security vulnerability that enables remote attackers to access Admin Projects via the /rest/menu/latest/admin endpoint, potentially compromising sensitive data and the overall security of the Jira Server instance.
To mitigate this vulnerability, it is recommended to block unauthenticated access to the URL */rest/menu/latest/admin at the network level. For further information on this vulnerability, please refer to the Atlassian Jira Server advisory JRASERVER-64963.
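All three Jira QIDs above (150674, 150677 and 150678) share one remediation: block unauthenticated access to `/rest/config/1.0/directory`, `/rest/api/2/dashboard` and `/rest/menu/latest/admin` at the network level. Before and after applying such a rule, a defender will want to know whether anonymous requests to those endpoints are actually succeeding. The following is an added example (not Qualys or Atlassian code) that runs that check over access log lines. It assumes the NCSA combined log format, where the third field is the authenticated user and `-` marks an anonymous request, and it tolerates a Jira context path (such as `/jira`) in front of `/rest/`. The log lines are constructed.

```python
"""Flag anonymous, successful requests to the Jira REST endpoints named in
QIDs 150674, 150677 and 150678 (added example, not Qualys or Atlassian code).
Assumes NCSA combined log format: third field is the user, '-' when anonymous."""
import re
from urllib.parse import urlsplit

# Endpoints the advisory says should be unreachable without authentication.
SENSITIVE_PREFIXES = (
    "/rest/config/1.0/directory",
    "/rest/api/2/dashboard",
    "/rest/menu/latest/admin",
)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = urlsplit(rec["target"]).path  # drop query string
    return rec


def rest_path(path):
    """Strip an optional context path so '/jira/rest/x' compares as '/rest/x'."""
    idx = path.find("/rest/")
    return path[idx:] if idx >= 0 else path


def is_sensitive(path):
    p = rest_path(path)
    return any(p == prefix or p.startswith(prefix + "/") for prefix in SENSITIVE_PREFIXES)


def find_unauthenticated_hits(lines):
    """Return records for anonymous requests to a sensitive endpoint that got HTTP 200.

    A 401 or 403 on the same path means the block is working and is not reported.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["user"] == "-" and rec["status"] == 200 and is_sensitive(rec["path"]):
            findings.append({"ip": rec["ip"], "time": rec["time"],
                             "path": rest_path(rec["path"]), "method": rec["method"]})
    return findings


def summarize(findings):
    """Count findings per endpoint so the noisiest gap is visible at a glance."""
    counts = {}
    for f in findings:
        counts[f["path"]] = counts.get(f["path"], 0) + 1
    return counts


# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [03/Apr/2023:10:15:01 +0000] "GET /rest/config/1.0/directory HTTP/1.1" 200 5120 "-" "curl/7.88"',
    '203.0.113.10 - - [03/Apr/2023:10:15:02 +0000] "GET /rest/api/2/dashboard?maxResults=50 HTTP/1.1" 200 2048 "-" "curl/7.88"',
    '198.51.100.7 - jdoe [03/Apr/2023:10:16:30 +0000] "GET /rest/api/2/dashboard HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [03/Apr/2023:10:17:45 +0000] "GET /jira/rest/menu/latest/admin HTTP/1.1" 401 0 "-" "curl/7.88"',
    '203.0.113.10 - - [03/Apr/2023:10:18:00 +0000] "GET /rest/api/2/issue/ABC-1 HTTP/1.1" 200 900 "-" "curl/7.88"',
    '203.0.113.10 - - [03/Apr/2023:10:18:10 +0000] "GET /jira/rest/menu/latest/admin HTTP/1.1" 200 300 "-" "curl/7.88"',
]

if __name__ == "__main__":
    hits = find_unauthenticated_hits(SAMPLE_LOG)
    for h in hits:
        print(f"{h['time']} {h['ip']} {h['method']} {h['path']}")
    print(summarize(hits))
```

Once the network-level block is in place, the same function should return nothing for new log data; any remaining hits point at a path variant (for example a different context path) that the rule did not cover.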
QID 154133: WordPress Multiple Vulnerabilities: Security Release 6.0.2
CVE-ID | NA |
Severity | Level 4 |
CVSS 3.1 | 7.3 |
CWE-ID | 1352 |
Affected Versions | WordPress versions prior to 6.0.2 |
Description:
WordPress, a popular open-source content management system, is currently affected by multiple security vulnerabilities such as SQL injection (SQLi) and Cross-Site Scripting (XSS). These vulnerabilities can potentially lead to the compromise of the target application’s confidentiality, availability, and integrity. Further details about these vulnerabilities are available in WordPress Security Release 6.0.2. We recommend that customers upgrade to the latest version of WordPress in order to mitigate these vulnerabilities. For additional information on these security issues, please refer to the WordPress Security Release.
QID 154134: WordPress Multiple Vulnerabilities: Security Release 6.0.3
CVE-ID | NA |
Severity | Level 4 |
CVSS 3.1 | 7.3 |
CWE-ID | 1352 |
Affected Versions | WordPress versions prior to 6.0.3 |
Description:
WordPress is a popular content management system used by millions of websites worldwide. However, multiple vulnerabilities such as data exposure, CSRF, open redirect, SQL injection (SQLi) and Cross-Site Scripting (XSS) have been identified in affected versions of WordPress. These vulnerabilities could potentially harm the confidentiality, availability and integrity of the target application if exploited successfully. To remediate these vulnerabilities, customers are strongly advised to upgrade to the latest version of WordPress as soon as possible. More details about these vulnerabilities can be found in WordPress Security Release 6.0.3.