April 2023 Web Application Vulnerabilities Released

Hitesh Kadu

The Qualys Web Application Scanning (WAS) team has released a crucial update to its security signatures, which now includes detection for vulnerabilities in several widely used software applications like Webmin, GeoServer, Grafana, WordPress, WebDav, Oracle WebLogic Server and Atlassian Jira Server. If left unaddressed, these vulnerabilities could lead to serious security risks such as data breaches, unauthorized access, and other malicious activities. It is essential for organizations to perform a comprehensive security review and address any potential vulnerabilities to ensure the safety and security of their networks and systems.

QID      Title
150666   Webmin Cross-Site Scripting (XSS) Vulnerability (CVE-2022-36880)
150667   GeoServer JAI-EXT Remote Code Execution (RCE) Vulnerability (CVE-2022-24816)
150668   Grafana Stored Cross Site Scripting Vulnerability (CVE-2023-1410)
150669   WordPress Shopping Cart and eCommerce Store Plugin: Local File Inclusion Vulnerability (CVE-2023-1124)
150670   WordPress User Role by BestWebSoft Plugin: Cross-Site Request Forgery (CSRF) vulnerability (CVE-2023-0820)
150671   WordPress WP Fastest Cache Plugin: Prior to 1.1.2 Multiple Security Vulnerabilities
150672   WebDAV Detected
150673   GeoServer OGC Filter SQL Injection Vulnerability (CVE-2023-25157)
150674   Atlassian Jira Unauthorized Access to Installed Gadgets
150676   Oracle WebLogic Server Multiple Vulnerabilities (APR-2023)
150677   Atlassian Jira Unauthorized Access to Dashboards
150678   Atlassian Jira Unauthorized Access to Admin Projects
154133   WordPress Multiple Vulnerabilities: Security Release 6.0.2
154134   WordPress Multiple Vulnerabilities: Security Release 6.0.3

QID 150666: Webmin Cross-Site Scripting (XSS) Vulnerability (CVE-2022-36880)

CVE-ID: CVE-2022-36880
Severity: Level 3
CVSS 3.1: 6.1
CWE-ID: 79
Affected Versions: Webmin versions prior to 1.995

Description:

Webmin is a web-based server management control panel for Unix-like systems. A cross-site scripting (XSS) vulnerability exists in the HTTP Tunnel module of Webmin version 1.995 and below. If a less-privileged Webmin user is given permission to edit the configuration of the HTTP Tunnel module, they could use this to introduce a payload that captures cookies belonging to other Webmin users who use the module. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or to access sensitive, browser-based information.

Customers are advised to upgrade to the latest version of Webmin to remediate this vulnerability.

QID 150667: GeoServer JAI-EXT Remote Code Execution (RCE) Vulnerability (CVE-2022-24816)

CVE-ID: CVE-2022-24816
Severity: Level 5
CVSS 3.1: 9.8
CWE-ID: 94
Affected Versions: GeoServer prior to version 1.1.22

Description:

GeoServer is an open-source server for sharing geospatial data that ships with the JAI-EXT API. A vulnerability has been found in Jiffle, a map algebra language provided by JAI-EXT that allows map algebra to be executed efficiently over large images. The vulnerability allows code injection through a specially crafted Jiffle invocation; in the case of GeoServer, the injection can be performed from a remote request. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.

Customers are advised to upgrade to the latest version of GeoServer to remediate this vulnerability. For more information, please refer to the GitHub Security Advisory.

QID 150668: Grafana Stored Cross Site Scripting Vulnerability (CVE-2023-1410)

CVE-ID: CVE-2023-1410
Severity: Level 3
CVSS 3.1: 4.8
CWE-ID: 79
Affected Versions: Grafana versions from 8.1.0 to 8.5.21, from 9.0.0 to 9.2.14, and from 9.3.0 to 9.3.10

Description:

Grafana is an open-source platform for monitoring and observability that provides charts, graphs, and alerts for the web when connected to supported data sources. A stored XSS vulnerability was found in the Graphite FunctionDescription tooltip. The stored XSS was possible because the value of the Function Description was not properly sanitized. To exploit it, an attacker needs control over the Graphite data source in order to manipulate a function description, a Grafana admin needs to configure that data source, and a Grafana user then needs to select the tampered function and hover over its description. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or to access sensitive, browser-based information.

Customers are advised to upgrade Grafana to the latest version to remediate this vulnerability. For more information regarding this vulnerability, please refer to the Grafana advisory.

QID 150669: WordPress Shopping Cart and eCommerce Store Plugin: Local File Inclusion Vulnerability (CVE-2023-1124)

CVE-ID: CVE-2023-1124
Severity: Level 4
CVSS 3.1: 7.2
CWE-ID: 22
Affected Versions: Shopping Cart and eCommerce Store prior to 5.4.3

Description:

The WordPress Shopping Cart plugin automatically creates 3 new pages in WordPress for the store, cart, and account. The plugin contains a vulnerability that could allow authenticated users with admin privileges to perform Local File Inclusion (LFI) attacks by exploiting the lack of HTTP request validation. Successful exploitation of the vulnerability may allow remote attackers to read sensitive files on the target server.

Customers are advised to upgrade to Shopping Cart 5.4.3 or a later version to remediate this vulnerability.

QID 150670: WordPress User Role by BestWebSoft Plugin: Cross-Site Request Forgery (CSRF) vulnerability (CVE-2023-0820)

CVE-ID: CVE-2023-0820
Severity: Level 4
CVSS 3.1: 8.8
CWE-ID: 352
Affected Versions: User Role plugin prior to 1.6.7

Description:

User Role is a WordPress plugin that makes it easy to manage your WordPress website's role capabilities. According to a vulnerability report by Patchstack, the plugin lacks proper Cross-Site Request Forgery (CSRF) protection in requests that update role capabilities, allowing an attacker to escalate their privileges to any role on the site. An authenticated attacker could potentially gain access to sensitive data or perform unauthorized actions on the site. Customers are advised to upgrade to User Role 1.6.7 or a later version to remediate this vulnerability.

QID 150671: WordPress WP Fastest Cache Plugin: Prior to 1.1.2 Multiple Security Vulnerabilities

CVE-ID: CVE-2023-1918, CVE-2023-1919, CVE-2023-1920, CVE-2023-1921, CVE-2023-1922, CVE-2023-1923, CVE-2023-1924, CVE-2023-1925, CVE-2023-1926, CVE-2023-1927, CVE-2023-1928, CVE-2023-1929, CVE-2023-1930, CVE-2023-1931
Severity: Level 4
CVSS 3.1: 4.3
CWE-ID: 352, 862
Affected Versions: WP Fastest Cache versions up to and including 1.1.2

Description:

WP Fastest Cache is a popular WordPress plugin that helps optimize website performance by caching pages and minimizing load times. However, the plugin has been found to contain multiple vulnerabilities, including several cross-site request forgery (CSRF) issues and missing authorization vulnerabilities.

These vulnerabilities could potentially be exploited by attackers to perform unauthorized actions, such as deleting cache or accessing sensitive information, compromising the security, integrity, and availability of the website.

To mitigate the risks associated with these vulnerabilities, customers are strongly advised to upgrade to the latest version of WP Fastest Cache (1.1.3 or later).

QID 150672: WebDAV Detected

CVE-ID: NA
Severity: Level 3
CVSS 3.1: 7.3
CWE-ID: 434, 815
Affected Versions: WebDAV

Description:

WebDAV (Web Distributed Authoring and Versioning) is an HTTP protocol extension that enables users to edit and manage files on a web server. However, enabling WebDAV without proper security measures can lead to significant security risks, including unauthorized access, data modification, or destruction. Attackers can exploit WebDAV for various types of attacks, such as injection attacks, file manipulation, and denial-of-service attacks, among others.

To prevent such vulnerabilities, it is recommended that customers properly configure WebDAV with secure authentication, access controls, and regular monitoring and updates.

QID 150673: GeoServer OGC Filter SQL Injection Vulnerability (CVE-2023-25157)

CVE-ID: CVE-2023-25157
Severity: Level 4
CVSS 3.1: 9.8
CWE-ID: 89
Affected Versions: GeoServer versions prior to version 2.18.7
GeoServer versions from 2.19.0 prior to version 2.18.7
GeoServer versions from 2.20.0 prior to version 2.18.7
GeoServer versions from 2.21.0 prior to version 2.21.4
GeoServer versions from 2.22.0 prior to version 2.21.2

Description:

GeoServer is a popular open-source server for sharing and editing geospatial data, written in Java. It provides support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. Additionally, CQL is supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. However, GeoServer’s OGC Filter is susceptible to multiple SQL injection vulnerabilities. If exploited, this vulnerability could allow an attacker to execute arbitrary commands, posing a significant threat to the system’s confidentiality, integrity, and availability.

To address these vulnerabilities, customers are strongly advised to upgrade to the latest version of GeoServer. For further information on this issue, please refer to GeoServer's official advisory.

QID 150674: Atlassian Jira Unauthorized Access to Installed Gadgets

CVE-ID: NA
Severity: Level 3
CVSS 3.1: 5.3
CWE-ID: 284
Affected Versions: Atlassian Jira Server

Description:

Atlassian Jira Server, a popular issue tracking and project management software, has been found to contain a security vulnerability. The flaw allows remote attackers to gain access to installed gadgets via the /rest/config/1.0/directory endpoint. Gadgets are small web applications that provide additional functionality and integration with other systems when installed on Jira dashboards. If exploited, this vulnerability could enable an attacker to obtain sensitive information or perform unauthorized actions through the installed gadgets on Jira Server.

It is recommended that customers block unauthenticated access to the specific URL */rest/config/1.0/directory at the network level to prevent potential attacks. For more information about this vulnerability and remediation steps, please refer to the JRASERVER-72613 advisory.

QID 150676: Oracle WebLogic Server Multiple Vulnerabilities (APR-2023)

CVE-ID: CVE-2023-24998, CVE-2022-40152, CVE-2021-36090, CVE-2022-45685, CVE-2021-31684, CVE-2023-21996, CVE-2023-21931, CVE-2023-21964, CVE-2023-21979, CVE-2020-25638, CVE-2020-6950, CVE-2023-21956, CVE-2023-21960, CVE-2021-22569, CVE-2022-31160
Severity: Level 4
CVSS 3.1: 7.5
CWE-ID: 1352
Affected Versions: Oracle WebLogic Server, version(s) 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0

Description:

Oracle WebLogic Server, previously known as BEA WebLogic Server, is a popular platform for enterprises to build and deploy their applications and services. However, recent reports indicate that the Oracle WebLogic Server component in Oracle Fusion Middleware for versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 has been found to have multiple vulnerabilities.

The consequences of exploiting these vulnerabilities are dire. An attacker who successfully exploits these weaknesses can potentially compromise and take control of the entire Oracle WebLogic Server. This can give the attacker access to sensitive information and disrupt the normal functioning of the enterprise applications and services hosted on the server.

To mitigate these risks, Oracle has released patches for these vulnerabilities. Customers are advised to immediately update their Oracle WebLogic Server installations to the latest patched version. The detailed information about the patches and their installation process can be found in Oracle’s Critical Patch Update (CPUAPR2023).

QID 150677: Atlassian Jira Unauthorized Access to Dashboards

CVE-ID: NA
Severity: Level 3
CVSS 3.1: 5.3
CWE-ID: 284
Affected Versions: Atlassian Jira Server

Description:

Jira is a popular issue-tracking and project-management tool developed by Atlassian. However, a security vulnerability has been identified in Jira Server that allows remote attackers to access dashboards through the /rest/api/2/dashboard endpoint, even without authentication. This could potentially allow an attacker to view sensitive information or perform unauthorized actions.

To mitigate this vulnerability, it is recommended to block unauthenticated access to the affected URL, /rest/api/2/dashboard, at the network level. For more information on this vulnerability, please refer to the official Atlassian Jira Server documentation.

QID 150678: Atlassian Jira Unauthorized Access to Admin Projects

CVE-ID: NA
Severity: Level 3
CVSS 3.1: 5.3
CWE-ID: 284
Affected Versions: Atlassian Jira Server

Description:

Jira is a popular proprietary issue-tracking product developed by Atlassian, offering various functionalities such as bug tracking, issue tracking, and project management. However, Jira Server has a critical security vulnerability that enables remote attackers to access Admin Projects via the /rest/menu/latest/admin endpoint, potentially compromising sensitive data and the overall security of the Jira Server instance.

To mitigate this vulnerability, it is recommended to block unauthenticated access to the URL */rest/menu/latest/admin at the network level. For further information on this vulnerability, please refer to the Atlassian Jira Server advisory JRASERVER-64963.
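The three Jira Server findings above (QIDs 150674, 150677 and 150678) share one mitigation: block unauthenticated access to the named endpoints at the network level. As an added check that is not part of this post or of any Atlassian tooling, the Python script below verifies on your own Jira Server that each endpoint now rejects an anonymous request; the base URL, the JSON-body heuristic and the status-code classification are assumptions.

```python
import json
import urllib.error
import urllib.request

# The three Jira Server endpoints named in QIDs 150674, 150677 and 150678.
JIRA_ENDPOINTS = (
    "/rest/config/1.0/directory",
    "/rest/api/2/dashboard",
    "/rest/menu/latest/admin",
)


def classify(status: int, body: bytes) -> str:
    """'blocked' for 401/403/404 or a redirect (usually to the login page),
    'exposed' for 200 with a JSON body (anonymous access still works),
    'review' for anything else, e.g. 200 with an HTML body."""
    if status in (401, 403, 404) or 300 <= status < 400:
        return "blocked"
    if status == 200:
        try:
            json.loads(body.decode("utf-8"))
            return "exposed"
        except (UnicodeDecodeError, ValueError):
            return "review"
    return "review"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Surface 3xx responses as HTTPError instead of following them.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def check_instance(base_url: str, timeout: float = 10.0) -> dict:
    """GET each endpoint without credentials against your own Jira Server.
    base_url is an assumed value such as "https://jira.example.internal".
    Returns {endpoint: classification}; 'exposed' means the network-level
    block recommended above is not in place."""
    opener = urllib.request.build_opener(_NoRedirect)
    results = {}
    for path in JIRA_ENDPOINTS:
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"Accept": "application/json"})
        try:
            with opener.open(req, timeout=timeout) as resp:
                results[path] = classify(resp.status, resp.read())
        except urllib.error.HTTPError as err:
            results[path] = classify(err.code, err.read())
    return results
```

Run `check_instance("https://jira.example.internal")` from the network segment an anonymous client would use, so the request traverses the same proxy or firewall that is supposed to enforce the block.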

QID 154133: WordPress Multiple Vulnerabilities: Security Release 6.0.2

CVE-ID: NA
Severity: Level 4
CVSS 3.1: 7.3
CWE-ID: 1352
Affected Versions: WordPress versions prior to 6.0.2

Description:

WordPress, a popular open-source content management system, is currently affected by multiple security vulnerabilities such as SQL injection (SQLi) and Cross-Site Scripting (XSS). These vulnerabilities can potentially lead to the compromise of the target application's confidentiality, availability, and integrity. Further details about these vulnerabilities are available in the WordPress Security Release 6.0.2. We recommend that customers upgrade to the latest version of WordPress in order to mitigate these vulnerabilities. For additional information on these security issues, please refer to the WordPress Security Release.

QID 154134: WordPress Multiple Vulnerabilities: Security Release 6.0.3

CVE-ID: NA
Severity: Level 4
CVSS 3.1: 7.3
CWE-ID: 1352
Affected Versions: WordPress versions prior to 6.0.3

Description:

WordPress is a popular content management system used by millions of websites worldwide. However, multiple vulnerabilities such as Data Exposure, CSRF, Open Redirect, SQL injection (SQLi) and Cross-Site Scripting (XSS) have been identified in affected versions of WordPress. These vulnerabilities could potentially harm the Confidentiality, Availability and Integrity of the target application if exploited successfully. To remediate these vulnerabilities, customers are strongly advised to upgrade to the latest version of WordPress as soon as possible. More details about these vulnerabilities can be found in WordPress Security Release 6.0.3.
