Commit 2d08512

jasnow authored and RubySec CI committed
Updated advisory posts against rubysec/ruby-advisory-db@f69b11f
1 parent 5e1d0c5 commit 2d08512

1 file changed: +75 -0 lines changed
@@ -0,0 +1,75 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2024-43415 (decidim-decidim_awesome): Decidim-Awesome has SQL injection
4+
in AdminAccountability'
5+
comments: false
6+
categories:
7+
- decidim-decidim_awesome
8+
advisory:
9+
gem: decidim-decidim_awesome
10+
cve: 2024-43415
11+
ghsa: cxwf-qc32-375f
12+
url: https://github.com/decidim-ice/decidim-module-decidim_awesome/security/advisories/GHSA-cxwf-qc32-375f
13+
title: Decidim-Awesome has SQL injection in AdminAccountability
14+
date: 2024-11-12
15+
description: |
16+
## Vulnerability type: CWE-89: Improper Neutralization of Special
17+
18+
Elements used in an SQL Command ('SQL Injection')
19+
20+
## Vendor:
21+
22+
Decidim International
23+
Community Environment
24+
25+
### Has vendor confirmed: Yes
26+
27+
### Attack type: Remote
28+
29+
### Impact:
30+
31+
Code Execution
32+
Escalation of Privileges
33+
Information Disclosure
34+
35+
### Affected component:
36+
37+
A raw sql-statement that uses an interpolated variable
38+
exists in the admin_role_actions method of the
39+
`papertrail/version-model(app/models/decidim/decidim_awesome/paper_trail_version.rb`).
40+
41+
### Attack vector:
42+
43+
An attacker with admin permissions could manipulate database queries
44+
in order to read out the database, read files from the filesystem,
45+
write files from the filesystem. In the worst case, this could lead
46+
to remote code execution on the server.
47+
48+
Description of the vulnerability for use in the CVE
49+
[ℹ] (https://cveproject.github.io/docs/content/key-details-\nphrasing.pdf):
50+
An improper neutralization of special elements used in an SQL
51+
command in the `papertrail/version-\nmodel` of the
52+
decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated
53+
admin user to manipulate sql queries\nto disclose information,
54+
read and write files or execute commands.
55+
56+
### Discoverer Credits: Wolfgang Hotwagner
57+
58+
### References:
59+
60+
https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability
61+
https://portswigger.net/web-security/sql-injection
62+
cvss_v3: 9.0
63+
unaffected_versions:
64+
- "< 0.11.0"
65+
patched_versions:
66+
- "~> 0.10.3"
67+
- ">= 0.11.2"
68+
related:
69+
url:
70+
- https://nvd.nist.gov/vuln/detail/CVE-2024-43415
71+
- https://github.com/decidim-ice/decidim-module-decidim_awesome/commit/84374037d34a3ac80dc18406834169c65869f11b
72+
- https://github.com/decidim-ice/decidim-module-decidim_awesome/security/advisories/GHSA-cxwf-qc32-375f
73+
- https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability
74+
- https://github.com/advisories/GHSA-cxwf-qc32-375f
75+
---
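Review bot: the version metadata at the bottom of the front matter contradicts the description above it. `unaffected_versions: - "< 0.11.0"` declares every release below 0.11.0 unaffected, yet `patched_versions` lists `"~> 0.10.3"` as a fix on the 0.10 line, and the description states the module is affected for `<= v0.11.1 (> 0.9.0)`. One of the two bounds is wrong; if the 0.10 series is affected as the description says, the unaffected entry should be the lower bound of that range (for example `"<= 0.9.0"`), otherwise the 0.10.3 patched entry is dead and should go. Two smaller points in the `description` block: the literal `\n` sequences (`key-details-\nphrasing.pdf`, `version-\nmodel`, `queries\nto`) appear to have been copied from the upstream advisory text and will render verbatim inside the YAML block scalar, so they should become spaces; and in `` `papertrail/version-model(app/models/decidim/decidim_awesome/paper_trail_version.rb`) `` the closing backtick sits before the closing parenthesis. Also, "write files from the filesystem" in the attack vector reads as "write files to the filesystem". The `## Vulnerability type: CWE-89 ...` heading is split across two lines with a blank line between them, so the second half renders as body text rather than part of the heading.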
