CVE-2024-21623

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "`Analysis - SonarCloud`" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104	Product
https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254	Patch
https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589	Exploit Vendor Advisory
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/	Exploit Third Party Advisory
https://securitylab.github.com/research/github-actions-untrusted-input/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mehah:otclient:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-01-02 21:15

Updated : 2024-01-08 19:29

NVD link : CVE-2024-21623

Mitre link : CVE-2024-21623

CVE.ORG link : CVE-2024-21623

JSON object : View

Products Affected

mehah

otclient

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2024-21623", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-01-02T21:15:10.250", "references": [{"url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://securitylab.github.com/research/github-actions-untrusted-input/", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient \"`Analysis - SonarCloud`\" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue."}, {"lang": "es", "value": "OTCLient es un cliente de tibia alternativo para otserv. Antes del commit db560de0b56476c87a2f967466407939196dd254, el workflow /mehah/otclient \"`Analysis - SonarCloud`\" es vulnerable a una inyecci\u00f3n de expresi\u00f3n en Actions, lo que permite a un atacante ejecutar comandos de forma remota en el ejecutor, filtrar secretos y alterar el repositorio utilizando este workflow. El commit db560de0b56476c87a2f967466407939196dd254 contiene una soluci\u00f3n para este problema."}], "lastModified": "2024-01-08T19:29:32.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mehah:otclient:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60A3865E-2453-4A5A-9685-34494CC8BCD1", "versionEndExcluding": "2023-12-30"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}