
Commit f69b11f

jasnowpostmodern
authored and committed
GHSA SYNC: 1 brand new advisory
1 parent a30efc4 commit f69b11f

File tree

1 file changed

+67
-0
lines changed

@@ -0,0 +1,67 @@
1+
---
2+
gem: decidim-decidim_awesome
3+
cve: 2024-43415
4+
ghsa: cxwf-qc32-375f
5+
url: https://github.com/decidim-ice/decidim-module-decidim_awesome/security/advisories/GHSA-cxwf-qc32-375f
6+
title: Decidim-Awesome has SQL injection in AdminAccountability
7+
date: 2024-11-12
8+
description: |
9+
## Vulnerability type: CWE-89: Improper Neutralization of Special
10+
11+
Elements used in an SQL Command ('SQL Injection')
12+
13+
## Vendor:
14+
15+
Decidim International
16+
Community Environment
17+
18+
### Has vendor confirmed: Yes
19+
20+
### Attack type: Remote
21+
22+
### Impact:
23+
24+
Code Execution
25+
Escalation of Privileges
26+
Information Disclosure
27+
28+
### Affected component:
29+
30+
A raw sql-statement that uses an interpolated variable
31+
exists in the admin_role_actions method of the
32+
`papertrail/version-model(app/models/decidim/decidim_awesome/paper_trail_version.rb`).
33+
34+
### Attack vector:
35+
36+
An attacker with admin permissions could manipulate database queries
37+
in order to read out the database, read files from the filesystem,
38+
write files from the filesystem. In the worst case, this could lead
39+
to remote code execution on the server.
40+
41+
Description of the vulnerability for use in the CVE
42+
[ℹ] (https://cveproject.github.io/docs/content/key-details-\nphrasing.pdf):
43+
An improper neutralization of special elements used in an SQL
44+
command in the `papertrail/version-\nmodel` of the
45+
decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated
46+
admin user to manipulate sql queries\nto disclose information,
47+
read and write files or execute commands.
48+
49+
### Discoverer Credits: Wolfgang Hotwagner
50+
51+
### References:
52+
53+
https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability
54+
https://portswigger.net/web-security/sql-injection
55+
cvss_v3: 9.0
56+
unaffected_versions:
57+
- "< 0.11.0"
58+
patched_versions:
59+
- "~> 0.10.3"
60+
- ">= 0.11.2"
61+
related:
62+
url:
63+
- https://nvd.nist.gov/vuln/detail/CVE-2024-43415
64+
- https://github.com/decidim-ice/decidim-module-decidim_awesome/commit/84374037d34a3ac80dc18406834169c65869f11b
65+
- https://github.com/decidim-ice/decidim-module-decidim_awesome/security/advisories/GHSA-cxwf-qc32-375f
66+
- https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability
67+
- https://github.com/advisories/GHSA-cxwf-qc32-375f
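Review bot: the version ranges in this entry contradict the description and each other: `unaffected_versions` lists `"< 0.11.0"`, yet the description states the flaw affects `decidim_awesome-module <= v0.11.1 (> 0.9.0)` and `patched_versions` includes `"~> 0.10.3"`, which only makes sense if the 0.10.x series is affected. Either the unaffected range should be `"<= 0.9.0"` to match the description, or the `"~> 0.10.3"` patched entry should be dropped; please confirm against the linked GHSA and fix commit before merging. Also in the description block: the literal `\n` sequences in `key-details-\nphrasing.pdf`, `version-\nmodel` and `sql queries\nto` are copy-paste residue that break the CVE phrasing URL and the model path, the `[ℹ]` marker before that URL should go, and in the affected-component line the closing backtick sits after the `)` rather than directly after `paper_trail_version.rb`, so the path renders with a stray parenthesis inside the code span. Minor: the `## Vulnerability type:` heading is split across two lines, so the CWE name renders as a heading followed by an orphaned paragraph; join it onto one line.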
