From 4b0c32db0dc7f4d845589abaa70cfd89121197c5 Mon Sep 17 00:00:00 2001
From: Maximand
Date: Wed, 16 Oct 2024 22:02:25 +0200
Subject: [PATCH 1/7] soplanning casefile
---
_cases/2024/DIVD-2024-00024.md | 73 ++++++++++
_data/cves/2024/CVE-2024-27112.json | 216 ++++++++++++++++++++++++++++
_data/cves/2024/CVE-2024-27113.json | 216 ++++++++++++++++++++++++++++
_data/cves/2024/CVE-2024-27114.json | 164 +++++++++++++++++++++
_data/cves/2024/CVE-2024-27115.json | 190 ++++++++++++++++++++++++
5 files changed, 859 insertions(+)
create mode 100644 _cases/2024/DIVD-2024-00024.md
create mode 100644 _data/cves/2024/CVE-2024-27112.json
create mode 100644 _data/cves/2024/CVE-2024-27113.json
create mode 100644 _data/cves/2024/CVE-2024-27114.json
create mode 100644 _data/cves/2024/CVE-2024-27115.json
diff --git a/_cases/2024/DIVD-2024-00024.md b/_cases/2024/DIVD-2024-00024.md
new file mode 100644
index 00000000..aca6fc2d
--- /dev/null
+++ b/_cases/2024/DIVD-2024-00024.md
@@ -0,0 +1,73 @@
+---
+layout: case
+title: "Multiple Vulnerabilities in SOPlanning"
+author: Max van der Horst
+lead: Max van der Horst
+excerpt: "Multiple injection and access control vulnerabilities have been found in SOPlanning. Please update to the latest version as soon as possible."
+researchers:
+- Wietse Boonstra
+- Hidde Smit
+- Victor Pasman
+- Max van der Horst
+cves:
+- CVE-2024-27112
+- CVE-2024-27113
+- CVE-2024-27114
+- CVE-2024-27115
+product:
+- SOPlanning Online Planning Tool
+versions:
+- version 1.52.01 or earlier
+recommendation: "Update your SOPlanning instance to version 1.52.02 as soon as possible."
+workaround: n/a
+patch_status: Released
+status : Closed
+start: 2024-05-27
+end: 2024-10-16
+timeline:
+- start: 2024-05-27
+ end:
+ event: "Vulnerabilities are found by Wietse and Hidde."
+- start: 2024-06-19
+ end:
+ event: "Vulnerabilities reported to vendor."
+- start: 2024-06-19
+ end: 2024-06-19
+ event: "Time to Acknowledge."
+- start: 2024-06-19
+ end:
+ event: "Vendor acknowledges receipt of vulnerabilities."
+- start: 2024-06-19
+ end: 2024-07-04
+ event: "Time to fix."
+- start: 2024-08-08
+ end:
+ event: "Limited disclosure of the vulnerabilities and publishing of CVEs."
+- start: 2024-10-16
+ end:
+ event: "Case closed."
+
+---
+
+## Summary
+
+Various vulnerabilities in the SOPlanning Online Planning Tool have been found by DIVD researchers. The vulnerabilities are present in version 1.52.01. The first vulnerability allows for unauthenticated SQL Injection, which allows an attacker to take control over the underlying database. The second and third vulnerabilities are Remote Code Execution vulnerabilities, which allow attackers to execute code on the underlying system. The fourth and last vulnerability allows attackers to export the database through an Insecure Direct Object Reference vulnerability.
+
+All vulnerabilites are critical and require immediate patching to prevent compromise.
+
+## Recommendations
+
+Update your SOPlanning instance to version 1.52.02 at your earliest convenience.
+
+## What we are doing
+
+DIVD is currently working to identify parties that are running a version of SOPlanning Online Planning Tool that contains these vulnerabilities and notify these parties. We do this by finding instances that are connected to the Internet and verifying the version installed.
+
+{% include timeline.html %}
+
+## More information
+
+* {% cve CVE-2024-27112 %}
+* {% cve CVE-2024-27113 %}
+* {% cve CVE-2024-27114 %}
+* {% cve CVE-2024-27115 %}
diff --git a/_data/cves/2024/CVE-2024-27112.json b/_data/cves/2024/CVE-2024-27112.json
new file mode 100644
index 00000000..34978c3d
--- /dev/null
+++ b/_data/cves/2024/CVE-2024-27112.json
@@ -0,0 +1,216 @@ +{ + "containers": { + "adp": [ + { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "product": "soplanning", + "vendor": "soplanning", + "versions": [ + { + "lessThan": "1.52.02", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "other": { + "content": { + "id": "CVE-2024-27112", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "timestamp": "2024-09-11T13:56:02.593465Z", + "version": "2.0.3" + }, + "type": "ssvc" + } + } + ], + "providerMetadata": { + "dateUpdated": "2024-09-11T13:58:58.148Z", + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP" + }, + "title": "CISA ADP Vulnrichment" + } + ], + "cna": { + "affected": [ + { + "collectionURL": "https://sourceforge.net/projects/soplanning/", + "defaultStatus": "unaffected", + "product": "SO Planning", + "vendor": "Simple Online Planning", + "versions": [ + { + "status": "affected", + "version": "before 1.52.01" + } + ] + } + ], + "configurations": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The public view setting must be enabled." + } + ], + "value": "The public view setting must be enabled." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Wietse Boonstra" + }, + { + "lang": "en", + "type": "finder", + "value": "Hidde Smit" + }, + { + "lang": "en", + "type": "analyst", + "value": "Max van der Horst" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. 
The vulnerability has been remediated in version 1.52.02. " + } + ], + "value": "A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02." + } + ], + "impacts": [ + { + "capecId": "CAPEC-66", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-66 SQL Injection" + } + ] + } + ], + "metrics": [ + { + "cvssV4_0": { + "Automatable": "YES", + "Recovery": "USER", + "Safety": "NEGLIGIBLE", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "attackVector": "NETWORK", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "privilegesRequired": "NONE", + "providerUrgency": "RED", + "subAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "userInteraction": "NONE", + "valueDensity": "CONCENTRATED", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red", + "version": "4.0", + "vulnAvailabilityImpact": "HIGH", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnerabilityResponseEffort": "MODERATE" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-89", + "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "dateUpdated": "2024-09-11T13:41:16.813Z", + "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", + "shortName": "DIVD" + }, + "references": [ + { + "tags": [ + "third-party-advisory" + ], + "url": "https://csirt.divd.nl/CVE-2024-27112" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "SQL Injection in SOPlanning before 1.52.02", + "workarounds": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Disable the public view setting." + } + ], + "value": "Disable the public view setting." + } + ], + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + }, + "cveMetadata": { + "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", + "assignerShortName": "DIVD", + "cveId": "CVE-2024-27112", + "datePublished": "2024-09-11T13:41:16.813Z", + "dateReserved": "2024-02-19T19:21:08.620Z", + "dateUpdated": "2024-09-11T13:58:58.148Z", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.1" +} diff --git a/_data/cves/2024/CVE-2024-27113.json b/_data/cves/2024/CVE-2024-27113.json new file mode 100644 index 00000000..17b3eea9 --- /dev/null +++ b/_data/cves/2024/CVE-2024-27113.json 
@@ -0,0 +1,216 @@ +{ + "containers": { + "adp": [ + { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "product": "soplanning", + "vendor": "soplanning", + "versions": [ + { + "lessThan": "1.52.02", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "other": { + "content": { + "id": "CVE-2024-27113", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "timestamp": "2024-09-11T14:09:52.970621Z", + "version": "2.0.3" + }, + "type": "ssvc" + } + } + ], + "providerMetadata": { + "dateUpdated": "2024-09-11T14:11:10.073Z", + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP" + }, + "title": "CISA ADP Vulnrichment" + } + ], + "cna": { + "affected": [ + { + "collectionURL": "https://sourceforge.net/projects/soplanning/", + "defaultStatus": "unaffected", + "product": "SO Planning", + "vendor": "Simple Online Planning", + "versions": [ + { + "status": "affected", + "version": "before 1.52.01" + } + ] + } + ], + "configurations": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The public view setting must be enabled." + } + ], + "value": "The public view setting must be enabled." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Wietse Boonstra" + }, + { + "lang": "en", + "type": "finder", + "value": "Hidde Smit" + }, + { + "lang": "en", + "type": "analyst", + "value": "Max van der Horst" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. 
An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02. " + } + ], + "value": "An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02." + } + ], + "impacts": [ + { + "capecId": "CAPEC-233", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-233 Privilege Escalation" + } + ] + } + ], + "metrics": [ + { + "cvssV4_0": { + "Automatable": "YES", + "Recovery": "AUTOMATIC", + "Safety": "NEGLIGIBLE", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "attackVector": "NETWORK", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "privilegesRequired": "NONE", + "providerUrgency": "RED", + "subAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "userInteraction": "NONE", + "valueDensity": "CONCENTRATED", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:C/RE:M/U:Red", + "version": "4.0", + "vulnAvailabilityImpact": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnerabilityResponseEffort": "MODERATE" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-200", + "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "dateUpdated": "2024-09-11T13:41:16.358Z", + "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", + "shortName": "DIVD" + }, + "references": [ + { + "tags": [ + "third-party-advisory" + ], + "url": 
"https://csirt.divd.nl/CVE-2024-27113" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02", + "workarounds": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Disable the public view setting." + } + ], + "value": "Disable the public view setting." + } + ], + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + }, + "cveMetadata": { + "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", + "assignerShortName": "DIVD", + "cveId": "CVE-2024-27113", + "datePublished": "2024-09-11T13:41:16.358Z", + "dateReserved": "2024-02-19T19:21:08.620Z", + "dateUpdated": "2024-09-11T14:11:10.073Z", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.1" +} diff --git a/_data/cves/2024/CVE-2024-27114.json b/_data/cves/2024/CVE-2024-27114.json new file mode 100644 index 00000000..0ce2c8f2 --- /dev/null +++ b/_data/cves/2024/CVE-2024-27114.json 
@@ -0,0 +1,164 @@ +{ + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://sourceforge.net/projects/soplanning/", + "defaultStatus": "unaffected", + "product": "SO Planning", + "vendor": "Simple Online Planning", + "versions": [ + { + "status": "affected", + "version": "before 1.52.01" + } + ] + } + ], + "configurations": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The public view setting must be enabled." + } + ], + "value": "The public view setting must be enabled." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Wietse Boonstra" + }, + { + "lang": "en", + "type": "finder", + "value": "Hidde Smit" + }, + { + "lang": "en", + "type": "analyst", + "value": "Max van der Horst" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02. " + } + ], + "value": "A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02." 
+ } + ], + "impacts": [ + { + "capecId": "CAPEC-549", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-549 Local Execution of Code" + } + ] + } + ], + "metrics": [ + { + "cvssV4_0": { + "Automatable": "YES", + "Recovery": "IRRECOVERABLE", + "Safety": "NEGLIGIBLE", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "attackVector": "NETWORK", + "baseScore": 8.9, + "baseSeverity": "HIGH", + "privilegesRequired": "HIGH", + "providerUrgency": "RED", + "subAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "HIGH", + "userInteraction": "NONE", + "valueDensity": "CONCENTRATED", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:I/V:C/RE:M/U:Red", + "version": "4.0", + "vulnAvailabilityImpact": "HIGH", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnerabilityResponseEffort": "MODERATE" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-367", + "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "dateUpdated": "2024-09-11T13:41:16.662Z", + "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", + "shortName": "DIVD" + }, + "references": [ + { + "tags": [ + "third-party-advisory" + ], + "url": "https://csirt.divd.nl/CVE-2024-27114" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "Remote Code Execution through File Upload in SOPlanning before 1.52.02", + "workarounds": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Disable the public view setting." + } + ], + "value": "Disable the public view setting." 
+ } + ], + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + }, + "cveMetadata": { + "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", + "assignerShortName": "DIVD", + "cveId": "CVE-2024-27114", + "datePublished": "2024-09-11T13:41:16.662Z", + "dateReserved": "2024-02-19T19:21:08.620Z", + "dateUpdated": "2024-09-11T13:41:16.662Z", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.1" +} diff --git a/_data/cves/2024/CVE-2024-27115.json b/_data/cves/2024/CVE-2024-27115.json new file mode 100644 index 00000000..ec539fdf --- /dev/null +++ b/_data/cves/2024/CVE-2024-27115.json 
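Review bot: The `cvssV4_0` block of CVE-2024-27114.json sets `"privilegesRequired": "HIGH"` (`PR:H` in the vector string) while both description strings call the flaw an unauthenticated Remote Code Execution, so the 8.9 score and the text cannot both be right. Anyone prioritising on the vector will rank this record below the 9.3 and 10 records in the same series, although the text describes an attacker who needs no account once the public view setting is enabled. If no login is required, the vector should carry `PR:N` and the score be recomputed; if a privileged account is required, the word "unauthenticated" should leave the description. The `capecId` value `CAPEC-549 Local Execution of Code` also sits oddly next to `"attackVector": "NETWORK"` and deserves a second look.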
@@ -0,0 +1,190 @@ +{ + "containers": { + "adp": [ + { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:simple_online_planning:so_planning:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "product": "so_planning", + "vendor": "simple_online_planning", + "versions": [ + { + "lessThan": "1.52.01", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "other": { + "content": { + "id": "CVE-2024-27115", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "timestamp": "2024-09-11T15:43:03.779948Z", + "version": "2.0.3" + }, + "type": "ssvc" + } + } + ], + "providerMetadata": { + "dateUpdated": "2024-09-11T15:45:17.278Z", + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP" + }, + "title": "CISA ADP Vulnrichment" + } + ], + "cna": { + "affected": [ + { + "collectionURL": "https://sourceforge.net/projects/soplanning/", + "defaultStatus": "unaffected", + "product": "SO Planning", + "vendor": "Simple Online Planning", + "versions": [ + { + "status": "affected", + "version": "before 1.52.01" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Wietse Boonstra" + }, + { + "lang": "en", + "type": "finder", + "value": "Hidde Smit" + }, + { + "lang": "en", + "type": "analyst", + "value": "Max van der Horst" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02. 
" + } + ], + "value": "A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02." + } + ], + "impacts": [ + { + "capecId": "CAPEC-549", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-549 Local Execution of Code" + } + ] + } + ], + "metrics": [ + { + "cvssV4_0": { + "Automatable": "YES", + "Recovery": "IRRECOVERABLE", + "Safety": "NEGLIGIBLE", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "attackVector": "NETWORK", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "privilegesRequired": "NONE", + "providerUrgency": "RED", + "subAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "HIGH", + "userInteraction": "NONE", + "valueDensity": "CONCENTRATED", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:I/V:C/RE:M/U:Red", + "version": "4.0", + "vulnAvailabilityImpact": "HIGH", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnerabilityResponseEffort": "MODERATE" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-434", + "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "dateUpdated": "2024-09-11T13:41:16.520Z", + "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", + "shortName": "DIVD" + }, + "references": [ + { + "tags": [ + "third-party-advisory" + ], + "url": "https://csirt.divd.nl/CVE-2024-27115" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "Remote 
Code Execution through File Upload in SOPlanning before 1.52.02", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + }, + "cveMetadata": { + "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", + "assignerShortName": "DIVD", + "cveId": "CVE-2024-27115", + "datePublished": "2024-09-11T13:41:16.520Z", + "dateReserved": "2024-02-19T19:21:08.621Z", + "dateUpdated": "2024-09-11T15:45:17.278Z", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.1" +} From 15e0054ea8ff61a19b967c5d44b1f7a3df2e282f Mon Sep 17 00:00:00 2001 From: Max <25766540+Maximand@users.noreply.github.com> Date: Thu, 17 Oct 2024 10:01:06 +0200 Subject: [PATCH 2/7] Update DIVD-2024-00024.md --- _cases/2024/DIVD-2024-00024.md | 40 +++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/_cases/2024/DIVD-2024-00024.md b/_cases/2024/DIVD-2024-00024.md index aca6fc2d..db2bfae0 100644 --- a/_cases/2024/DIVD-2024-00024.md +++ b/_cases/2024/DIVD-2024-00024.md @@ -1,13 +1,12 @@ --- layout: case -title: "Multiple Vulnerabilities in SOPlanning" -author: Max van der Horst +title: "Multiple vulnerabilities found in the SOPlanning tool" +author: Victor Pasman lead: Max van der Horst -excerpt: "Multiple injection and access control vulnerabilities have been found in SOPlanning. Please update to the latest version as soon as possible." +excerpt: "In the SOPlanning Online Planning tool, multiple critical vulnerabilities were found, including an unauthenticated SQL injection. When the non-default public view setting is enabled, it results in several Remote Code Execution (RCE) vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to execute code on the underlying system and access the database." researchers: - Wietse Boonstra - Hidde Smit -- Victor Pasman - Max van der Horst cves: - CVE-2024-27112 
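Review bot: The affected-version data in CVE-2024-27115.json understates the vulnerable range: `cna.affected` lists `"version": "before 1.52.01"` and the ADP container `"lessThan": "1.52.01"`, while the title says "before 1.52.02" and the description says the fix landed in 1.52.02. Scanners and inventory tooling that match on these fields would treat 1.52.01 as unaffected, although the casefile added in the same patch states that 1.52.01 is vulnerable. The same `"before 1.52.01"` string appears in the `cna.affected` entries of CVE-2024-27112.json, CVE-2024-27113.json and CVE-2024-27114.json. A structured range such as `"version": "0", "lessThan": "1.52.02", "versionType": "custom"` (the form the ADP container already uses in 27112 and 27113) would match the text; since these files appear to mirror the published records, the correction presumably has to be made in the CNA record first.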
@@ -15,15 +14,15 @@ cves: - CVE-2024-27114 - CVE-2024-27115 product: -- SOPlanning Online Planning Tool +- SO planning versions: -- version 1.52.01 or earlier -recommendation: "Update your SOPlanning instance to version 1.52.02 as soon as possible." -workaround: n/a -patch_status: Released +- versions < 1.52.02 +recommendation: "Update to the latest version of SOPlanning Online Planning tool." +workaround: "None" +patch_status: None status : Closed -start: 2024-05-27 -end: 2024-10-16 +start: 2024-05-29 +end: timeline: - start: 2024-05-27 end: 
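Review bot: The new front matter sets `patch_status: None` and `workaround: "None"`, which contradicts the rest of the series: the recommendation and the CVE records name 1.52.02 as the fixed release, and three of the four records list "Disable the public view setting." as a workaround. A reader triaging from the case header would conclude that neither a fix nor a mitigation exists; `patch_status: Released` (the value this hunk removes) and a workaround line pointing at the public view setting would agree with the records. `start: 2024-05-29` also no longer matches the first timeline entry, which is still dated 2024-05-27. The front matter begins before this hunk and continues past it.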
@@ -45,24 +44,25 @@ timeline: event: "Limited disclosure of the vulnerabilities and publishing of CVEs." - start: 2024-10-16 end: - event: "Case closed." + event: "Initial casefile created and published." +ips: --- ## Summary -Various vulnerabilities in the SOPlanning Online Planning Tool have been found by DIVD researchers. The vulnerabilities are present in version 1.52.01. The first vulnerability allows for unauthenticated SQL Injection, which allows an attacker to take control over the underlying database. The second and third vulnerabilities are Remote Code Execution vulnerabilities, which allow attackers to execute code on the underlying system. The fourth and last vulnerability allows attackers to export the database through an Insecure Direct Object Reference vulnerability. - -All vulnerabilites are critical and require immediate patching to prevent compromise. +The SOPlanning Online Planning tool up to version 1.52.02 contains several vulnerabilities which can be summarized to: +- An unauthenticated SQL injection, an attacker can misuse this vulnerability to retrieve information from the database. +- Two unauthenticated Remote Code Execution (RCE) vulnerabilities, these make it possible for an attacker to upload and execute an executables on the system. +- Insecure Direct Object Reference, which makes in possible for an attacker to export Database ## Recommendations -Update your SOPlanning instance to version 1.52.02 at your earliest convenience. +Update to the latest version of SOPlanning tool. If this is not possible, upgrade to version 1.52.02. ## What we are doing -DIVD is currently working to identify parties that are running a version of SOPlanning Online Planning Tool that contains these vulnerabilities and notify these parties. We do this by finding instances that are connected to the Internet and verifying the version installed. 
- +DIVD is currently working to identify parties that are running a version of the SO Planning tool that contain these vulnerabilities and notify these parties. We do this by finding vulnerable SOPlanning Tool systems that are connected to the Internet and verifying the version installed. {% include timeline.html %} ## More information @@ -71,3 +71,7 @@ DIVD is currently working to identify parties that are running a version of SOPl * {% cve CVE-2024-27113 %} * {% cve CVE-2024-27114 %} * {% cve CVE-2024-27115 %} +* [National Vulnerability Database for CVE-2024-27112](https://nvd.nist.gov/vuln/detail/CVE-2024-27112) +* [National Vulnerability Database for CVE-2024-27113](https://nvd.nist.gov/vuln/detail/CVE-2024-27113) +* [National Vulnerability Database for CVE-2024-27114](https://nvd.nist.gov/vuln/detail/CVE-2024-27114) +* [National Vulnerability Database for CVE-2024-27115](https://nvd.nist.gov/vuln/detail/CVE-2024-27115) From fe9410bb02b3874934c0dcae753fec3b57792432 Mon Sep 17 00:00:00 2001 From: Max <25766540+Maximand@users.noreply.github.com> Date: Thu, 17 Oct 2024 10:02:14 +0200 Subject: [PATCH 3/7] Update DIVD-2024-00024.md --- _cases/2024/DIVD-2024-00024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_cases/2024/DIVD-2024-00024.md b/_cases/2024/DIVD-2024-00024.md index db2bfae0..6ff78e52 100644 --- a/_cases/2024/DIVD-2024-00024.md +++ b/_cases/2024/DIVD-2024-00024.md @@ -45,7 +45,7 @@ timeline: - start: 2024-10-16 end: event: "Initial casefile created and published." -ips: +ips:0 --- From 4c5f6bd2881fe6bea511e372ba24aafc8cc4f5c7 Mon Sep 17 00:00:00 2001 From: Max <25766540+Maximand@users.noreply.github.com> Date: Thu, 17 Oct 2024 10:10:21 +0200 Subject: [PATCH 4/7] Update DIVD-2024-00024.md --- _cases/2024/DIVD-2024-00024.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/_cases/2024/DIVD-2024-00024.md b/_cases/2024/DIVD-2024-00024.md index 6ff78e52..d66df601 100644 --- a/_cases/2024/DIVD-2024-00024.md 
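Review bot: The new summary sentence "up to version 1.52.02 contains several vulnerabilities" reads as if 1.52.02 itself is affected, yet the recommendation in the same hunk tells users to upgrade to 1.52.02 and the front matter says `versions < 1.52.02`. An operator deciding whether a 1.52.02 install needs action cannot tell from this text; wording such as `The SOPlanning Online Planning tool before version 1.52.02 contains several vulnerabilities:` would remove the ambiguity. The bullets also drop the precondition, stated in three of the CVE records, that the public view setting must be enabled, which matters when judging exposure. Two small slips remain in the bullets ("an executables", "makes in possible").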
+++ b/_cases/2024/DIVD-2024-00024.md @@ -14,7 +14,7 @@ cves: - CVE-2024-27114 - CVE-2024-27115 product: -- SO planning +- SOPlanning Online Planning Tool versions: - versions < 1.52.02 recommendation: "Update to the latest version of SOPlanning Online Planning tool." @@ -22,7 +22,7 @@ workaround: "None" patch_status: None status : Closed start: 2024-05-29 -end: +end: 2024-10-16 timeline: - start: 2024-05-27 end: @@ -46,7 +46,6 @@ timeline: end: event: "Initial casefile created and published." ips:0 - --- ## Summary From 65271bcd38eeee866d1e2acfed1636892b861098 Mon Sep 17 00:00:00 2001 From: Maximand Date: Thu, 17 Oct 2024 10:18:29 +0200 Subject: [PATCH 5/7] attempt 50 to fix casefile --- _cases/2024/DIVD-2024-00024.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_cases/2024/DIVD-2024-00024.md b/_cases/2024/DIVD-2024-00024.md index d66df601..53332ad4 100644 --- a/_cases/2024/DIVD-2024-00024.md +++ b/_cases/2024/DIVD-2024-00024.md @@ -55,6 +55,8 @@ The SOPlanning Online Planning tool up to version 1.52.02 contains several vulne - Two unauthenticated Remote Code Execution (RCE) vulnerabilities, these make it possible for an attacker to upload and execute an executables on the system. - Insecure Direct Object Reference, which makes in possible for an attacker to export Database +All of these vulnerabilities would allow an attacker to take control of the underlying system. + ## Recommendations Update to the latest version of SOPlanning tool. If this is not possible, upgrade to version 1.52.02. From 1a309ed418cf96015ea9939f2f9ca9922b179e28 Mon Sep 17 00:00:00 2001 From: Max <25766540+Maximand@users.noreply.github.com> Date: Thu, 17 Oct 2024 10:20:34 +0200 Subject: [PATCH 6/7] Update DIVD-2024-00024.md --- _cases/2024/DIVD-2024-00024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_cases/2024/DIVD-2024-00024.md b/_cases/2024/DIVD-2024-00024.md index 53332ad4..c9445d13 100644 --- a/_cases/2024/DIVD-2024-00024.md 
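Review bot: The added sentence "All of these vulnerabilities would allow an attacker to take control of the underlying system." overstates what the records in this series support. The CVE-2024-27112 and CVE-2024-27113 records describe database access and export and score every subsequent-system impact as NONE; only the two file upload flaws are described as code execution on the host. A sentence such as `The two file upload vulnerabilities allow code execution on the underlying system; the SQL injection and the IDOR expose the database contents.` keeps the urgency without merging the impact classes.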
+++ b/_cases/2024/DIVD-2024-00024.md @@ -45,7 +45,7 @@ timeline: - start: 2024-10-16 end: event: "Initial casefile created and published." -ips:0 +ips: 0 --- ## Summary From efac5d6b78ba75fc280ba100dc11063e384a5ad5 Mon Sep 17 00:00:00 2001 From: Max <25766540+Maximand@users.noreply.github.com> Date: Thu, 17 Oct 2024 10:22:34 +0200 Subject: [PATCH 7/7] Update DIVD-2024-00024.md --- _cases/2024/DIVD-2024-00024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_cases/2024/DIVD-2024-00024.md b/_cases/2024/DIVD-2024-00024.md index c9445d13..b3f6a195 100644 --- a/_cases/2024/DIVD-2024-00024.md +++ b/_cases/2024/DIVD-2024-00024.md @@ -45,7 +45,7 @@ timeline: - start: 2024-10-16 end: event: "Initial casefile created and published." -ips: 0 +ips: n/a --- ## Summary