LibreNMS Fixes Security Vulnerability in Network Monitoring System
CVE-2024-47524

4.8MEDIUM

Key Information:

Vendor: Librenms
Status: Librenms
Vendor: CVE Published:; 1 October 2024

What is CVE-2024-47524?

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of the Device Groups, its will be trigger. This vulnerability is fixed in 24.9.0.

Affected Version(s)

librenms 24.9.0

References

https://github.com/librenms/librenms/security/advisories/...

x_refsource_CONFIRM

https://github.com/librenms/librenms/commit/d3b51560a8e23...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 1, 2024
Vulnerability Reserved
Sep 25, 2024

Librenms

What is CVE-2024-47524?

Affected Version(s)

References

CVSS V3.1

Timeline