This issue affects all installations of Open-AudIT prior to version 3.2.0.
A new version of Open-AudIT is available from http://www.open-audit.org/downloads.php and https://opmantek.com/network-tools-download/.
Users are advised to upgrade ASAP to Open-AudIT 3.2.0.
This issue was reported to us by Jack Cable (thanks Jack). A link to the CVE is https://nvd.nist.gov/vuln/detail/CVE-2019-16293
If an authenticated user with Discovery Create permissions deliberately injects characters into the field that contains the URL on the Create Discoveries template, the field contents will be passed to the command line that runs the discovery script and be executed. The user can inject any command.
The issue has been addressed by filtering any characters for this input that are not:
a-z A-Z 0-9 / :
This filtering occurs both at time of submission and upon command creation.
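The two-stage filter described above, sketched in Python as an added example; it is not Open-AudIT's own code, and the script path, the `url=` argument name and the sample inputs are assumptions made for illustration.

```python
import re

# Complement of the set listed in the bulletin: a-z A-Z 0-9 / :
NOT_ALLOWED = re.compile(r"[^a-zA-Z0-9/:]")

# Hypothetical script path and argument name, used only for this example.
SCRIPT = "/opt/example/discover.sh"


def filter_url(value):
    """Remove every character outside the bulletin's allowed set."""
    return NOT_ALLOWED.sub("", value)


def rejected_chars(value):
    """Characters the filter would drop; useful to log at submission time."""
    return sorted(set(NOT_ALLOWED.findall(value)))


def store_discovery(form):
    """Stage 1: filter when the Create Discoveries form is submitted."""
    return {"name": form["name"], "url": filter_url(form["url"])}


def build_command(record):
    """Stage 2: filter again when the command line is created, so a record
    stored before the fix or written by another code path is covered too."""
    return SCRIPT + " url=" + filter_url(record["url"])


if __name__ == "__main__":
    # Constructed inputs, not taken from the bulletin.
    submitted = {"name": "lab", "url": "http://localhost/ ; echo marker #"}
    legacy = {"name": "old", "url": "http://localhost/`echo marker`"}
    print(rejected_chars(submitted["url"]))
    print(build_command(store_discovery(submitted)))
    print(build_command(legacy))
    # The listed set has no '.' or '-', so those are dropped as well.
    print(filter_url("http://localhost/open-audit/index.php"))
```

Logging the output of `rejected_chars` at submission gives an audit trail of values that contained filtered characters.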
Successful exploitation requires that the attacker have a role with the ability to edit discoveries in Open-AudIT and maliciously insert characters to break the command execution.
Open-AudIT 3.1.2 and earlier.
A patch for the issue described in this bulletin is available in the Open-AudIT v3.2.0 release. This release is available from http://www.openaudit.org and https://opmantek.com.
Upgrade to Open-AudIT 3.2.0.
The issue was addressed by Opmantek; upgrading to Open-AudIT 3.2.0 will include this fix and remove the issue.
The preferred method of mitigation is an upgrade to Open-AudIT 3.2.0.