d4lyw / CVE-2024-46627 Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

CVE-2024-46627 - Incorrect access control in BECN DATAGERRY v2.2 allows attackers to > execute arbitrary commands via crafted web requests.

0 stars 0 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md

Repository files navigation

CVE-2024-46627 - Incorrect access control in BECN DATAGERRY v2.2 allows attackers to > execute arbitrary commands via crafted web requests.

DATAGERRY v2.2 lacks access control in the REST API for the following endpoints:

/rest/users/<id>/settings/ (GET, POST)

/rest/users/<id>/settings/<setting> (DELETE, PUT)

This allows an attacker to read settings, create settings, delete settings, and update settings of any user without authentication.

Additional information

To reproduce this it's possible to use the docker setup here: https://datagerry.readthedocs.io/en/latest/admin_guide/setup.html (as of 25th Sept 2024).
It's possible to determine valid payloads from the information here: https://datagerry.readthedocs.io/en/latest/api/rest/user-management.html#settings
See the following for repro steps with pictures: https://daly.wtf/cve-2024-46627-incorrect-access-control-in-becn-datagerry-v2-2-allows-attackers-to-execute-arbitrary-commands-via-crafted-web-requests/

This is expected to be fixed in the next release.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46627

About

CVE-2024-46627 - Incorrect access control in BECN DATAGERRY v2.2 allows attackers to > execute arbitrary commands via crafted web requests.

Report repository

Releases

No releases published

Packages

No packages published