CVE-2024-41961 (GCVE-0-2024-41961)

Vulnerability from cvelistv5 – Published: 2024-08-01 14:33 – Updated: 2024-08-07 14:23
Title
Elektra vulnerable to remote code execution in universal search
Summary
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink that executes it. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
sapcc elektra Affected: < 8bce00be93b95a6512ff68fe86bf9554e486bc02

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sapcc:elektra:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "elektra",
            "vendor": "sapcc",
            "versions": [
              {
                "lessThan": "8bce00be93b95a6512ff68fe86bf9554e486bc02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41961",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T14:22:09.735872Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:23:43.106Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "elektra",
          "vendor": "sapcc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8bce00be93b95a6512ff68fe86bf9554e486bc02"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H/E:X/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-01T14:33:46.684Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q"
        },
        {
          "name": "https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d"
        },
        {
          "name": "https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02"
        }
      ],
      "source": {
        "advisory": "GHSA-6j2h-486h-487q",
        "discovery": "UNKNOWN"
      },
      "title": "Elektra vulnerable to remote code execution in universal search"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-41961",
    "datePublished": "2024-08-01T14:33:46.684Z",
    "dateReserved": "2024-07-24T16:51:40.951Z",
    "dateUpdated": "2024-08-07T14:23:43.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-41961",
      "date": "2026-05-04",
      "epss": "0.00209",
      "percentile": "0.4298"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.\"}, {\"lang\": \"es\", \"value\": \" Elektra es un panel de Openstack obstinado para operadores y consumidores de servicios Openstack. Se encontr\\u00f3 una vulnerabilidad de inyecci\\u00f3n de c\\u00f3digo en la funcionalidad de b\\u00fasqueda en vivo de la aplicaci\\u00f3n web Elektra basada en Ruby on Rails. Un usuario autenticado puede crear un t\\u00e9rmino de b\\u00fasqueda que contenga c\\u00f3digo Ruby, que luego fluye hacia un receptor \\\"eval\\\" que ejecuta el c\\u00f3digo. Corregido en la confirmaci\\u00f3n 8bce00be93b95a6512ff68fe86bf9554e486bc02.\"}]",
      "id": "CVE-2024-41961",
      "lastModified": "2024-08-01T16:45:25.400",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H\", \"baseScore\": 9.6, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 5.8}]}",
      "published": "2024-08-01T15:15:14.310",
      "references": "[{\"url\": \"https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q\", \"source\": \"security-advisories@github.com\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-41961\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-08-01T15:15:14.310\",\"lastModified\":\"2024-08-01T16:45:25.400\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.\"},{\"lang\":\"es\",\"value\":\" Elektra es un panel de Openstack obstinado para operadores y consumidores de servicios Openstack. Se encontr\u00f3 una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en la funcionalidad de b\u00fasqueda en vivo de la aplicaci\u00f3n web Elektra basada en Ruby on Rails. Un usuario autenticado puede crear un t\u00e9rmino de b\u00fasqueda que contenga c\u00f3digo Ruby, que luego fluye hacia un receptor \\\"eval\\\" que ejecuta el c\u00f3digo. 
Corregido en la confirmaci\u00f3n 8bce00be93b95a6512ff68fe86bf9554e486bc02.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-41961\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-07T14:22:09.735872Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:sapcc:elektra:*:*:*:*:*:*:*:*\"], \"vendor\": \"sapcc\", \"product\": \"elektra\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"8bce00be93b95a6512ff68fe86bf9554e486bc02\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-07T14:23:36.808Z\"}}], \"cna\": {\"title\": \"Elektra vulnerable to remote code execution in universal search\", \"source\": {\"advisory\": \"GHSA-6j2h-486h-487q\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H/E:X/RL:O/RC:C\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"sapcc\", \"product\": \"elektra\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 8bce00be93b95a6512ff68fe86bf9554e486bc02\"}]}], \"references\": [{\"url\": \"https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q\", \"name\": \"https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d\", \"name\": 
\"https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02\", \"name\": \"https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-08-01T14:33:46.684Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-41961\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-07T14:23:43.106Z\", \"dateReserved\": \"2024-07-24T16:51:40.951Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-08-01T14:33:46.684Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}








The forecast uses a logistic model when the trend is rising and an exponential decay model when it is falling; both are fitted via linearized least squares.

Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.
