icon

We found results for “

CVE-2021-25930

Date: May 20, 2021

Overview

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1--meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and since there is no validation of an existing user name while renaming a user. As a result, privileges of the renamed user are being overwritten by the old user and the old user is being deleted from the user list.

Details

The module `opennms` can be abused by CSRF due to no CSRF protection, and since there is no validation of an existing user name while renaming a user. As a result, privileges of the renamed user are being overwritten by the old user and the old user is being deleted from the user list. The input parameter `newName` is being sent to `/opennms/admin/userGroupView/users/renameUser` endpoint, where there is a missing validation to check whether the existing user names are present in the `m_users` map object. Due to this flaw, an attacker could trick the admin into renaming the old user with the already existing user and deny the existing user from logging in and accessing the service.

Affected Environments

opennms-1-0-stable, opennms-1.0.1 through opennms-27.1.0-1, meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1, meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1

Prevention

Upgrade to Horizon 27.1.1, Meridian 2020.1.7 or Meridian 2019.1.19

Language: Java

Good to know:

icon
icon

Cross-Site Request Forgery (CSRF)

CWE-352
icon

Upgrade Version

Upgrade to version org.opennms:opennms:27.1.1, org.opennms:opennms-config:27.1.1

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilegs Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information: