CVE-2023-34096
Published 2023-06-08
Priority: P1 80 · Severity: high · CVSS 3.1 base score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 62.68% (99.1th percentile)
Thruk is a multi-backend monitoring web interface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a path traversal vulnerability which allows an attacker to upload a file to any folder that has write permissions on the affected system. The `location` parameter is not filtered, validated or sanitized and accepts any kind of characters; for a path traversal attack, the only characters required are the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sni | thruk | < 3.06.2 | 3.06.2 |
| thruk | thruk | < 3.06.2 | 3.06.2 |
Detection & IOCs (extracted from sources)
- Alert on the `location` parameter in panorama.cgi requests containing dot-dot-slash sequences (`../`) traversing outside the expected `backgrounds/` directory.
- Detect login attempts to `cgi-bin/login.cgi` using default credentials (thrukadmin/thrukadmin) followed immediately by a POST to `cgi-bin/panorama.cgi` with a traversal payload.
- Look for the cookie `thruk_message` set to `fail_message~~login%20failed` as an indicator of brute-force or credential-stuffing attempts against the Thruk login endpoint.
- Flag multipart POST uploads to panorama.cgi where the uploaded filename is `exploit.jpg` and the file content does not match a valid JPEG magic byte signature.
- Exploitation requires a valid authenticated session (`thruk_auth` cookie); the exploit attempts authentication with default credentials first, so disabling or changing default credentials reduces but does not eliminate risk if other valid credentials exist.
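The first detection note above, implemented as a request-inspection check a reverse proxy or WAF hook could apply to panorama.cgi traffic. This is an added example, not code from the page or from the Thruk project; the `backgrounds` base directory and the sample requests are constructed assumptions. It resolves the decoded `location` value against the base directory instead of grepping for `../`, so double-encoded and `sub/../x` style inputs are classified correctly.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Directory panorama background uploads are expected to stay inside
# (assumption taken from the detection note; the real on-disk path may differ).
BACKGROUND_BASE = "backgrounds"


def decode_param(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded traversal (%252e%252e%252f) is exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def location_escapes_base(location: str) -> bool:
    """True when the decoded, normalised location would resolve outside BACKGROUND_BASE."""
    loc = decode_param(location).replace("\\", "/")
    if loc.startswith("/"):
        return True  # absolute paths can never point at a background file
    resolved = posixpath.normpath(posixpath.join(BACKGROUND_BASE, loc))
    return resolved != BACKGROUND_BASE and not resolved.startswith(BACKGROUND_BASE + "/")


def flag_panorama_request(method: str, url: str, form=None) -> bool:
    """Flag a panorama.cgi request whose `location` (query string or form body) traverses."""
    parts = urlsplit(url)
    if not parts.path.endswith("/panorama.cgi"):
        return False
    candidates = list(parse_qs(parts.query).get("location", []))
    if form and form.get("location"):
        candidates.append(form["location"])
    return any(location_escapes_base(loc) for loc in candidates)


# Constructed sample requests: (method, url, form body). Only the first two should alert.
SAMPLE_REQUESTS = [
    ("POST", "/thruk/cgi-bin/panorama.cgi", {"location": "../../../../tmp"}),
    ("POST", "/thruk/cgi-bin/panorama.cgi", {"location": "%252e%252e%252fetc"}),
    ("GET", "/thruk/cgi-bin/panorama.cgi?task=upload&location=logo.jpg", None),
    ("POST", "/thruk/cgi-bin/panorama.cgi", {"location": "sub/../logo.png"}),
    ("POST", "/thruk/cgi-bin/status.cgi", {"location": "../../etc"}),
]


def scan_requests(requests=SAMPLE_REQUESTS):
    """Return the indices of requests that should raise an alert."""
    return [i for i, (m, u, f) in enumerate(requests) if flag_panorama_request(m, u, f)]
```

A stricter variant that alerts on any `..` segment after decoding is noisier but catches probing even when the resolved path happens to stay inside the base directory.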
References
- http://packetstormsecurity.com/files/172822/Thruk-Monitoring-Web-Interface-3.06-Path-Traversal.html
- https://galogetlatorre.blogspot.com/2023/06/cve-2023-34096-path-traversal-thruk.html
- https://github.com/galoget/Thruk-CVE-2023-34096
- https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L690
- https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L705
- https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L727
- https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L735
- https://github.com/sni/Thruk/commit/26de047275c355c5ae2bbbc51b164f0f8bef5c5b
- https://github.com/sni/Thruk/commit/cf03f67621b7bb20e2c768bc62b30e976206aa17
- https://github.com/sni/Thruk/security/advisories/GHSA-vhqc-649h-994h
- https://www.exploit-db.com/exploits/51509