Vulnerability Details : CVE-2023-34096
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
Vulnerability category: Directory traversal
Products affected by CVE-2023-34096
- cpe:2.3:a:thruk:thruk:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-34096
2.60%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-34096
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2023-34096
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-34096
-
https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L735
Thruk/panorama.pm at 1bc5a5804bf9fc22e82a4eadb21a1795954f0867 · sni/Thruk · GitHubExploit
-
https://www.exploit-db.com/exploits/51509
Thruk Monitoring Web Interface 3.06 - Path Traversal - Perl webapps Exploit
-
https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L727
Thruk/panorama.pm at 1bc5a5804bf9fc22e82a4eadb21a1795954f0867 · sni/Thruk · GitHubExploit
-
https://github.com/galoget/Thruk-CVE-2023-34096
GitHub - galoget/Thruk-CVE-2023-34096: Thruk Monitoring Web Interface <= 3.06 vulnerable to CVE-2023-34096 (Path Traversal).
-
https://github.com/sni/Thruk/commit/26de047275c355c5ae2bbbc51b164f0f8bef5c5b
update changelog · sni/Thruk@26de047 · GitHubPatch
-
https://github.com/sni/Thruk/security/advisories/GHSA-vhqc-649h-994h
Path Traversal Vulnerability in panorama.pm · Advisory · sni/Thruk · GitHubExploit;Vendor Advisory
-
https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L690
Thruk/panorama.pm at 1bc5a5804bf9fc22e82a4eadb21a1795954f0867 · sni/Thruk · GitHubExploit
-
http://packetstormsecurity.com/files/172822/Thruk-Monitoring-Web-Interface-3.06-Path-Traversal.html
Thruk Monitoring Web Interface 3.06 Path Traversal ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L705
Thruk/panorama.pm at 1bc5a5804bf9fc22e82a4eadb21a1795954f0867 · sni/Thruk · GitHubExploit
-
https://galogetlatorre.blogspot.com/2023/06/cve-2023-34096-path-traversal-thruk.html
CVE-2023-34096: Path Traversal Vulnerability in Thruk Monitoring Web Interface ~ Ethical Hacking, Malware Analysis, Disinfection Techniques and more...
-
https://github.com/sni/Thruk/commit/cf03f67621b7bb20e2c768bc62b30e976206aa17
panorama: fix folder validation · sni/Thruk@cf03f67 · GitHubPatch
Jump to