User Input Sanitization Flaw in LibreNMS Network Monitoring System
CVE-2024-49758

4.8MEDIUM

Key Information:

Vendor: Librenms
Status: Librenms
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-49758?

A vulnerability exists in the LibreNMS network monitoring system, specifically affecting the ability of users with Admin roles to add notes to devices. Due to inadequate sanitization of user input, if JavaScript code is included within the device's notes, it can be executed when the ExamplePlugin is enabled. This oversight can lead to Cross-Site Scripting (XSS) attacks, potentially compromising the integrity and confidentiality of the system. The issue has been addressed in version 24.10.0, urging users to update promptly to mitigate this risk.

References

https://github.com/librenms/librenms/security/advisories/...

https://github.com/librenms/librenms/commit/24b142d753898...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024

Librenms

What is CVE-2024-49758?

References

CVSS V3.1

Timeline