RCE via unsanitized alert expr in Hertzbeat < v1.4.1
CVE-2023-51387 Published on December 22, 2023
Expression Injection Vulnerability in Hertzbeat
Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses AviatorScript to evaluate alert expressions, which are supposed to be simple expressions. However, due to improper sanitization of alert expressions in versions prior to 1.4.1, a malicious user who has access to the alert definition function can use a crafted alert expression to execute any command on the Hertzbeat server. This issue is fixed in version 1.4.1.
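A pre-evaluation allowlist check for the "simple expressions" described above, as an added example: it is not Hertzbeat's code and not the 1.4.1 fix. The function allowlist, metric names and sample expressions are constructed assumptions, and Python is used so the check can be run stand-alone.

```python
import re

# Assumed allowlist of helper functions (hypothetical names, not taken from Hertzbeat).
ALLOWED_FUNCTIONS = {"equals", "contains", "matches"}
KEYWORDS = {"true", "false", "nil"}

# Tokens permitted in a "simple" alert expression: literals, names,
# comparison/logical/arithmetic operators, parentheses and commas.
# Anything else ('.', ';', '=', '{', ...) fails to tokenize and is rejected.
TOKEN_RE = re.compile(r"""
    \s*(?:
        (?P<number>\d+(?:\.\d+)?)
      | (?P<string>"[^"\\]*"|'[^'\\]*')
      | (?P<name>[A-Za-z_][A-Za-z0-9_]*)
      | (?P<op>&&|\|\||==|!=|<=|>=|[<>!+\-*/%(),])
    )""", re.VERBOSE)


def validate_alert_expr(expr, metrics, max_len=256):
    """Return (ok, reason); accept only expressions built from allowlisted tokens."""
    expr = expr.strip()
    if not expr or len(expr) > max_len:
        return False, "empty or too long"
    tokens, pos = [], 0
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if m is None:
            return False, f"disallowed syntax at offset {pos}"
        tokens.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    for i, (kind, text) in enumerate(tokens):
        if kind != "name" or text in KEYWORDS:
            continue
        # A name followed by "(" is a call and must be allowlisted;
        # any other name must be a metric field of the monitored resource.
        is_call = i + 1 < len(tokens) and tokens[i + 1] == ("op", "(")
        if is_call and text not in ALLOWED_FUNCTIONS:
            return False, f"function not allowed: {text}"
        if not is_call and text not in metrics:
            return False, f"unknown identifier: {text}"
    return True, "ok"


if __name__ == "__main__":
    metrics = {"usage", "status"}  # constructed metric names
    for sample in ['usage > 80 && equals(status, "DOWN")', "new Foo()", "Foo.bar(1)"]:
        print(sample, "->", validate_alert_expr(sample, metrics))
```

A check like this is defense in depth at the point where alert definitions are saved; the expression evaluator itself should still be restricted, and affected installations should be upgraded to 1.4.1.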
Vulnerability Analysis
CVE-2023-51387 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2023-51387 has been classified as a Code Injection vulnerability or weakness.
Products Associated with CVE-2023-51387
Affected Versions
Dromara Hertzbeat versions < 1.4.1 are affected by CVE-2023-51387.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.