June 2023 Web Application Vulnerabilities Released

Hitesh Kadu

The Qualys Web Application Scanning (WAS) team has released an update to its security signatures that adds detection for vulnerabilities in several widely used applications, including Ghost CMS, MOVEit Transfer, Grafana, Apache OFBiz, Apache Tomcat and Joomla!. Left unaddressed, these vulnerabilities can lead to data breaches, unauthorized access and denial of service. Organizations should scan for the QIDs below and remediate any findings by upgrading to the fixed versions named in each section.

QID      Title
150689   Ghost CMS Path Traversal Vulnerability (CVE-2023-32235)
150691   MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362)
150692   Grafana Improper Access Control Vulnerability (CVE-2023-2183)
150693   Grafana Race Condition Vulnerability (CVE-2023-2801)
150694   Apache OFBiz: Arbitrary File Read Vulnerability (CVE-2022-47501)
150695   Apache Tomcat Information Disclosure Vulnerability (CVE-2023-34981)
154142   Joomla! Core Multiple Vulnerabilities (CVE-2023-23755, CVE-2023-23754)

QID 150689: Ghost CMS Path Traversal Vulnerability (CVE-2023-32235)

CVE-ID: CVE-2023-32235
Severity: Level 3
CVSS 3.1: 7.5
CWE-ID: 22
Affected Versions: Ghost prior to version 5.42.1

Description:

Ghost is an open-source, headless Node.js CMS and blogging platform for online publishing. A path traversal vulnerability has been reported in versions of Ghost before 5.42.1 that can be exploited by unauthenticated remote attackers.

The flaw is in the theme static-asset middleware, "frontend/web/middleware/static-theme.js". By sending percent-encoded traversal sequences in a request to a path of the form "/assets/built%2F..%2F..%2F/", a remote attacker can read arbitrary files within the active theme's folder. The read is confined to the theme directory, but that directory can hold more than the public assets it is meant to serve, so the issue should be treated as disclosure of the full theme contents.

To mitigate this vulnerability, upgrade to Ghost 5.42.1 or later. For details and remediation guidance, refer to the GitHub Security Advisory for CVE-2023-32235.
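To show why the percent-encoded sequence above defeats a check performed on the raw URL, here is an added illustration in Python. It is not Ghost's code and does not reproduce its middleware: a naive resolver that validates path segments before percent-decoding is placed beside a hardened one that decodes first, normalises, and then checks that the result stays inside the served directory. The theme path, the "/assets/" mount point and the target file name are assumptions made for the illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed layout for this illustration: the theme's assets directory is
# what the /assets/ route serves; the theme folder sits one level above it.
THEME_ROOT = "/var/www/ghost/content/themes/casper"
ASSETS_ROOT = THEME_ROOT + "/assets"
MOUNT = "/assets/"


def naive_resolve(url_path: str) -> str:
    """Vulnerable pattern: check the raw URL for '..' segments, then decode and join.

    The raw URL 'built%2F..%2F..%2Fpackage.json' is a single segment with no
    literal '..', so the check passes. Percent-decoding afterwards yields
    'built/../../package.json', which normalisation resolves outside ASSETS_ROOT.
    """
    if not url_path.startswith(MOUNT):
        raise FileNotFoundError(url_path)
    rel = url_path[len(MOUNT):]
    if ".." in rel.split("/"):
        raise PermissionError("traversal rejected")
    return posixpath.normpath(posixpath.join(ASSETS_ROOT, unquote(rel)))


def safe_resolve(url_path: str) -> str:
    """Hardened pattern: decode first, normalise, then enforce containment.

    Validation runs on the decoded, normalised path, so encoded slashes, '..'
    segments and an absolute path smuggled after the mount point (posixpath.join
    discards the root when rel starts with '/') are all caught by one check.
    """
    if not url_path.startswith(MOUNT):
        raise FileNotFoundError(url_path)
    rel = unquote(url_path[len(MOUNT):])
    if "\x00" in rel:
        raise PermissionError("NUL byte in path")
    candidate = posixpath.normpath(posixpath.join(ASSETS_ROOT, rel))
    if not is_within(candidate, ASSETS_ROOT):
        raise PermissionError("traversal rejected")
    return candidate


def is_within(path: str, root: str) -> bool:
    """True if the normalised path is root itself or lies beneath it."""
    return path == root or path.startswith(root + "/")


def rejected(resolver, url_path: str) -> bool:
    """Did the resolver refuse this request?"""
    try:
        resolver(url_path)
    except (PermissionError, FileNotFoundError):
        return True
    return False


if __name__ == "__main__":
    payload = "/assets/built%2F..%2F..%2Fpackage.json"  # the traversal shape from the advisory
    print("naive ->", naive_resolve(payload))  # resolves into the theme folder, outside assets
    print("safe  ->", "rejected" if rejected(safe_resolve, payload) else safe_resolve(payload))
```

The containment check is lexical: posixpath.normpath does not consult the filesystem, so if symlinks inside the served directory are a concern, resolve the candidate with os.path.realpath and compare against a realpath of the root before opening the file.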

QID 150691: MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362)

CVE-ID: CVE-2023-34362
Severity: Level 5
CVSS 3.1: 9.8
CWE-ID: 89
Affected Versions: MOVEit Transfer before 2021.0.6 (13.0.6)
                   MOVEit Transfer before 2021.1.4 (13.1.4)
                   MOVEit Transfer before 2022.0.4 (14.0.4)
                   MOVEit Transfer before 2022.1.5 (14.1.5)
                   MOVEit Transfer before 2023.0.1 (15.0.1)

Description:

MOVEit Transfer is a managed file transfer (MFT) product from Progress Software (Ipswitch) used to exchange files with business partners and customers over SFTP, SCP and HTTP-based uploads. A critical SQL injection vulnerability has been disclosed in the versions listed above and requires immediate attention.

The vulnerability is a SQL injection flaw in the MOVEit Transfer web application that an unauthenticated attacker can exploit to gain access to the underlying database. Depending on the database engine in use (MySQL, Microsoft SQL Server or Azure SQL), the attacker may be able to infer the database's structure and contents and execute SQL statements that alter or delete data.

This flaw was exploited in the wild before fixes were available, so upgrading alone is not sufficient: affected installations should also be reviewed for indicators of compromise (unexpected files in the web root, unknown accounts, anomalous database or file-transfer activity) and any credentials that may have been exposed should be rotated.

To mitigate this vulnerability, upgrade every affected MOVEit Transfer installation to the fixed release for its branch (2021.0.6, 2021.1.4, 2022.0.4, 2022.1.5 or 2023.0.1) or later without delay.

QID 150692: Grafana Improper Access Control Vulnerability (CVE-2023-2183)

CVE-ID: CVE-2023-2183
Severity: Level 3
CVSS 3.1: 6.4
CWE-ID: 862, 284
Affected Versions: Grafana versions from 8.0.0 to 8.5.25
                   Grafana versions from 9.0.0 to 9.2.18
                   Grafana versions from 9.3.0 to 9.3.14
                   Grafana versions from 9.4.0 to 9.4.11
                   Grafana versions from 9.5.0 to 9.5.2

Description:

Grafana is an open-source analytics and visualization web application that provides charting, graphing and alerting on top of compatible data sources. A broken access control vulnerability has been reported in the versions listed above.

In the user interface, users with the Viewer role are not offered the option to send a test alert. The API, however, does not enforce that restriction, so a Viewer can send test alerts by calling the API directly. A malicious Viewer could abuse this to send large numbers of test notifications to the configured email and Slack destinations, spamming users, delivering phishing content from a trusted sender, or disrupting the organization's SMTP infrastructure. Consequences include the SMTP server or its IP addresses being blocked or rate-limited, legitimate mail being routed to spam folders, and the sending addresses being added to blocklists.

To mitigate this vulnerability, upgrade affected Grafana installations to the fixed release for their branch or later. Hiding the action in the UI is not a control; the access check has to be enforced on the API endpoint itself.
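The pattern behind this issue, a UI that hides an action while the API behind it enforces nothing, is worth seeing in code. The following is an added Python illustration, not Grafana's code: a tiny router in which authorization is declared per route and enforced server-side, built once in the vulnerable shape (the route declares no rule and the router allows by default) and once in the fixed shape (a minimum role is declared and undeclared routes are denied). The endpoint path, roles and handler are hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Dict, List, Optional, Tuple


class Role(IntEnum):
    VIEWER = 1
    EDITOR = 2
    ADMIN = 3


@dataclass
class Request:
    method: str
    path: str
    role: Role


Response = Tuple[int, str]
Handler = Callable[[Request], Response]
RouteKey = Tuple[str, str]

# Hypothetical endpoint for the illustration; not Grafana's real route.
TEST_ALERT_PATH = "/api/alerting/test-notification"


class Router:
    """Minimal dispatcher where access rules live on the route, server-side.

    A route registered with min_role=None declares no rule. With
    default_allow=True (the vulnerable configuration) such routes are served to
    anyone; with default_allow=False they are denied until someone declares a rule.
    """

    def __init__(self, default_allow: bool) -> None:
        self.default_allow = default_allow
        self._routes: Dict[RouteKey, Tuple[Optional[Role], Handler]] = {}

    def route(self, method: str, path: str, min_role: Optional[Role] = None):
        def register(handler: Handler) -> Handler:
            self._routes[(method, path)] = (min_role, handler)
            return handler
        return register

    def dispatch(self, req: Request) -> Response:
        entry = self._routes.get((req.method, req.path))
        if entry is None:
            return 404, "not found"
        min_role, handler = entry
        if min_role is None:
            if not self.default_allow:
                return 403, "forbidden: no access rule declared for route"
        elif req.role < min_role:
            return 403, "forbidden"
        return handler(req)

    def undeclared_routes(self) -> List[RouteKey]:
        """Audit helper: routes with no explicit access rule (the CWE-862 shape)."""
        return sorted(key for key, (min_role, _) in self._routes.items() if min_role is None)


def send_test_notification(req: Request) -> Response:
    # Constructed side effect; a real handler would notify the contact point.
    return 200, f"test notification sent by {req.role.name.lower()}"


def build_vulnerable() -> Router:
    """The UI hides the button from Viewers, but the API route enforces nothing."""
    router = Router(default_allow=True)
    router.route("POST", TEST_ALERT_PATH)(send_test_notification)
    return router


def build_fixed() -> Router:
    """The route declares its minimum role and undeclared routes are denied."""
    router = Router(default_allow=False)
    router.route("POST", TEST_ALERT_PATH, min_role=Role.EDITOR)(send_test_notification)
    return router


def status_for(router: Router, role: Role) -> int:
    """HTTP status a caller with the given role gets from the test endpoint."""
    return router.dispatch(Request("POST", TEST_ALERT_PATH, role))[0]
```

The undeclared_routes() audit is the part to keep in a real code base: run it in a unit test so that any new endpoint without an explicit access rule fails the build rather than shipping in the open.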

QID 150693: Grafana Race Condition Vulnerability (CVE-2023-2801)

CVE-ID: CVE-2023-2801
Severity: Level 3
CVSS 3.1: 5.3
CWE-ID: 662, 820
Affected Versions: Grafana versions from 9.4.0 to 9.4.11
                   Grafana versions from 9.5.0 to 9.5.2

Description:

Grafana is an open-source analytics and visualization web application that provides interactive charts, graphs and alerts on top of compatible data sources. A denial-of-service vulnerability has been reported in the versions listed above.

Public dashboards let users query multiple distinct data sources in a single mixed query. In certain cases executing such a mixed query crashes the Grafana instance. Public dashboards are currently the only feature that uses mixed queries, but the same condition can be triggered by calling the query API directly, so an attacker can deliberately crash affected instances through that endpoint and make Grafana unavailable to legitimate users.

To mitigate this vulnerability, upgrade affected Grafana installations to the fixed release for their branch or later.

QID 150694: Apache OFBiz: Arbitrary File Read Vulnerability (CVE-2022-47501)

CVE-ID: CVE-2022-47501
Severity: Level 4
CVSS 3.1: 7.5
CWE-ID: 22
Affected Versions: Apache OFBiz before 18.12.07

Description:

Apache OFBiz is an open-source enterprise resource planning (ERP) system that bundles a suite of business applications. In versions before 18.12.07, when the Solr plugin is in use, an unauthenticated remote attacker can read arbitrary files from the server. Because no credentials are required, any Internet-exposed OFBiz instance with the Solr plugin enabled is at risk of disclosing configuration files and other sensitive data.

To mitigate this vulnerability, upgrade to Apache OFBiz 18.12.07 or later. For details and upgrade instructions, refer to the Apache OFBiz security advisory for CVE-2022-47501.

QID 150695: Apache Tomcat Information Disclosure Vulnerability (CVE-2023-34981)

CVE-ID: CVE-2023-34981
Severity: Level 3
CVSS 3.1: 7.5
CWE-ID: 200
Affected Versions: Apache Tomcat 11.0.0-M5
                   Apache Tomcat 10.1.8
                   Apache Tomcat 9.0.74
                   Apache Tomcat 8.5.88

Description:

Apache Tomcat is an open-source web server and servlet container. The Tomcat project has identified a regression, introduced by the fix for bug 66512, that affects only the four releases listed above. When a response contains no HTTP headers at all, the AJP connector may not send a SEND_HEADERS message for that response. An AJP proxy such as mod_proxy_ajp may then reuse the response headers from the previous request on the same connection, delivering headers that belong to another response, potentially another user's, to the current client.

To mitigate this vulnerability, upgrade to Apache Tomcat 11.0.0-M6, 10.1.9, 9.0.75 or 8.5.89 or later. For details and upgrade guidance, consult the Apache Tomcat security pages for the affected branch.
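The leak is a matter of stale connection state, which a small model of the exchange makes concrete. The following Python block is an added illustration and is not Tomcat's or httpd's code: a backend emits the AJP messages for two responses on one persistent connection, a proxy assembles what it receives, and a constructed Set-Cookie header from the first response shows up in the second client's response when SEND_HEADERS is omitted and the proxy does not clear per-request state. The proxy-side reset is a hypothetical defence shown only for comparison; the actual fix is the Tomcat side always sending SEND_HEADERS.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# ("SEND_HEADERS", status, headers) | ("SEND_BODY_CHUNK", bytes) | ("END_RESPONSE",)
Message = Tuple


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: bytes


class AjpBackend:
    """Servlet-container side of one AJP connection.

    regression=True models the four affected releases: a response with no
    headers produces no SEND_HEADERS message at all. regression=False models
    the fixed behaviour: SEND_HEADERS is always sent, with an empty header list
    when the servlet set none.
    """

    def __init__(self, regression: bool) -> None:
        self.regression = regression

    def messages(self, resp: Response) -> List[Message]:
        msgs: List[Message] = []
        if resp.headers or not self.regression:
            msgs.append(("SEND_HEADERS", resp.status, dict(resp.headers)))
        if resp.body:
            msgs.append(("SEND_BODY_CHUNK", resp.body))
        msgs.append(("END_RESPONSE",))
        return msgs


class AjpProxy:
    """Reverse-proxy side holding one persistent AJP connection.

    The proxy keeps the status and headers from the last SEND_HEADERS it parsed.
    With reset_per_request=False that state survives into the next request, so a
    response that never produced SEND_HEADERS is delivered with the previous
    response's headers. reset_per_request=True is a hypothetical proxy-side
    defence included for comparison.
    """

    def __init__(self, backend: AjpBackend, reset_per_request: bool) -> None:
        self.backend = backend
        self.reset_per_request = reset_per_request
        self._status = 200
        self._headers: Dict[str, str] = {}

    def forward(self, resp: Response) -> Response:
        if self.reset_per_request:
            self._status, self._headers = 200, {}
        body = b""
        for msg in self.backend.messages(resp):
            if msg[0] == "SEND_HEADERS":
                self._status, self._headers = msg[1], msg[2]
            elif msg[0] == "SEND_BODY_CHUNK":
                body += msg[1]
        return Response(self._status, dict(self._headers), body)


# Constructed sample traffic: user A's response sets a session cookie; the next
# request on the same connection is answered with a body but no headers at all.
FIRST = Response(200, {"Set-Cookie": "JSESSIONID=A1B2C3; HttpOnly",
                       "Content-Type": "text/html"}, b"<html>A</html>")
SECOND = Response(200, {}, b"plain body, no headers set by the servlet")


def leaked_headers(regression: bool, reset_per_request: bool) -> Dict[str, str]:
    """Headers delivered to the second client that belong only to the first response."""
    proxy = AjpProxy(AjpBackend(regression), reset_per_request)
    proxy.forward(FIRST)
    delivered = proxy.forward(SECOND)
    return {k: v for k, v in delivered.headers.items()
            if k in FIRST.headers and k not in SECOND.headers}


if __name__ == "__main__":
    print("affected Tomcat, plain proxy :", leaked_headers(True, False))
    print("fixed Tomcat,    plain proxy :", leaked_headers(False, False))
```

Running the two scenarios side by side shows the property that matters for triage: only the combination of an affected Tomcat release and a proxy that carries state across requests leaks, which is why the advisory scopes the issue to AJP deployments behind proxies such as mod_proxy_ajp.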

QID 154142: Joomla! Core Multiple Vulnerabilities (CVE-2023-23755, CVE-2023-23754)

CVE-ID: CVE-2023-23755, CVE-2023-23754
Severity: Level 4
CVSS 3.1: 7.5
CWE-ID: 307, 20, 601
Affected Versions: Joomla! CMS versions 4.2.0 through 4.3.1

Description:

Joomla! is a popular open-source content management system. The Joomla! project has disclosed two vulnerabilities in Joomla! CMS 4.2.0 through 4.3.1:

CVE-2023-23755: Missing rate limiting allows brute-force attacks against multi-factor authentication (MFA) methods. An attacker who already holds a user's password can keep submitting second-factor codes until one is accepted, defeating the protection MFA is meant to add.

CVE-2023-23754: Insufficient input validation in the new MFA selection screen leads to an open redirect and a cross-site scripting (XSS) vulnerability. The open redirect lets an attacker send users from a trusted Joomla! URL to a site of their choosing, which is useful for phishing; the XSS lets an attacker run script in a victim's browser in the context of the site.

To address these issues, upgrade to Joomla! 4.3.2 or later. For details, refer to the official Joomla! security advisories 20230501 (CVE-2023-23754) and 20230502 (CVE-2023-23755).
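Both Joomla! issues come down to controls an MFA screen needs and did not have. The following Python block is an added illustration covering both, not Joomla's code: a per-account sliding-window limiter for second-factor submissions (the missing control behind CVE-2023-23755) and a return-URL validator of the kind a selection screen needs to avoid the open redirect in CVE-2023-23754. The attempt budget, window length and host name are illustrative.

```python
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict
from urllib.parse import urlsplit


class MfaAttemptLimiter:
    """Sliding-window limit on second-factor submissions, keyed per account.

    Keying on the account rather than only the client IP matters here: the
    attacker already holds the password and can rotate source addresses.
    """

    def __init__(self, max_attempts: int = 5, window_seconds: float = 300.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.clock = clock
        self._attempts: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, account: str) -> bool:
        """Record an attempt and report whether the submitted code may be checked."""
        now = self.clock()
        attempts = self._attempts[account]
        while attempts and now - attempts[0] > self.window:
            attempts.popleft()
        if len(attempts) >= self.max_attempts:
            return False  # budget spent: refuse without verifying the code
        attempts.append(now)
        return True


def safe_return_url(candidate: str, site_host: str, default: str = "/") -> str:
    """Return candidate only if it stays on this site; otherwise return default.

    Mirrors browser URL parsing where it matters: tabs and newlines are dropped,
    backslashes count as slashes, and a leading '//' or '///' is an authority.
    """
    if not candidate:
        return default
    url = "".join(ch for ch in candidate.strip() if ch not in "\t\r\n").replace("\\", "/")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return default
    try:
        parts = urlsplit(url)
        port_ok = parts.port in (None, 443)
    except ValueError:
        return default
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative: allow only https to exactly our host,
        # with no userinfo (https://example.org@evil.example must fail).
        if (parts.scheme.lower() == "https" and parts.hostname == site_host.lower()
                and port_ok and parts.username is None):
            return url
        return default
    # Relative: must be an absolute path and must not start with '//'. urlsplit
    # leaves '///evil.example' with an empty netloc, but browsers read it as a host.
    if not url.startswith("/") or url.startswith("//"):
        return default
    return url
```

The limiter is the simplest shape that closes the hole; a production version would also persist counters across application nodes and alert on lockouts. The validator prefers rejecting odd-but-legitimate input (relative paths without a leading slash, http URLs to the site) over accepting anything that a browser might resolve off-site.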
