What is the severity of CVE-2023-48294?

The severity of CVE-2023-48294 is medium with a CVSS score of 4.3.

How does the broken access control vulnerability in LibreNMS affect users?

The broken access control vulnerability in LibreNMS allows unauthorized users to access any feature of the application.

Which version of LibreNMS is affected by CVE-2023-48294?

LibreNMS version 23.11.0 and earlier are affected by CVE-2023-48294.

How can I fix the broken access control vulnerability in LibreNMS?

To fix the broken access control vulnerability in LibreNMS, update to version 23.11.0 or later.

What is the Common Weakness Enumeration (CWE) ID for CVE-2023-48294?

The Common Weakness Enumeration (CWE) ID for CVE-2023-48294 is CWE-200.

Vulnerability/
CVE-2023-48294

medium

4.3

CWE

200

17/11/2023

29/11/2023

CVE-2023-48294: Broken Access control on Graphs Feature in LibreNMS

First published: Fri Nov 17 2023(Updated: )

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
composer/librenms/librenms	<23.11.0	23.11.0
Librenms Librenms	<23.11.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-48294?
The severity of CVE-2023-48294 is medium with a CVSS score of 4.3.
How does the broken access control vulnerability in LibreNMS affect users?
The broken access control vulnerability in LibreNMS allows unauthorized users to access any feature of the application.
Which version of LibreNMS is affected by CVE-2023-48294?
LibreNMS version 23.11.0 and earlier are affected by CVE-2023-48294.
How can I fix the broken access control vulnerability in LibreNMS?
To fix the broken access control vulnerability in LibreNMS, update to version 23.11.0 or later.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-48294?
The Common Weakness Enumeration (CWE) ID for CVE-2023-48294 is CWE-200.

collector/mitre-cve
collector/github-advisory-latest
alias/GHSA-fpq5-4vwm-78x4
alias/CVE-2023-48294
collector/nvd-cve
collector/github-advisory
collector/nvd-api
agent/title
agent/severity
agent/references
agent/author
agent/type
package-manager/composer
vendor/librenms
canonical/librenms librenms

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.