Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30656
HistoryMay 05, 2014 - 12:00 a.m.

[CVE-2013-6231] Remote Privilege Escalation in SpagoBI v4.0

2014-05-0500:00:00
vulners.com
22

###################################################

  1. Advisory Information

Title: Remote Privilege Escalation in SpagoBI
Date published: 2013-02-28
Date of last update: 2013-02-28
Vendors contacted: Engineering Group
Discovered by: Christian Catalano
Severity: High

  1. Vulnerability Information

CVE reference: CVE-2013-6231
CVSS v2 Base Score: 9
CVSS v2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Component/s: SpagoBI
Class: Input Manipulation

  1. Introduction

SpagoBI[1] is an Open Source Business Intelligence suite, belonging to the free/open source SpagoWorld initiative, founded and supported by Engineering Group[2].
It offers a large range of analytical functions, a highly functional semantic layer often absent in other open source platforms and projects, and a respectable set of advanced data visualization features including geospatial analytics.[3]
SpagoBI is released under the Mozilla Public License, allowing its commercial use.
SpagoBI is hosted on OW2 Forge[4] managed by OW2 Consortium, an independent open-source software community.

[1] - http://www.spagobi.org
[2] - http://www.eng.it
[3] - http://www.spagoworld.org/xwiki/bin/view/SpagoBI/PressRoom?id=SpagoBI-ForresterWave-July2012
[4] - http://forge.ow2.org/projects/spagobi

  1. Vulnerability Description

SpagoBI contains a flaw that leads to unauthorized privileges being gained. The issue is triggered when the servlet (action): AdapterHTTP?ACTION_NAME=MANAGE_USER_ACTION is executed with specifically crafted input, and may allow a remote attacker to gain Administrator role privileges.

  1. Technical Description / Proof of Concept Code

An attacker (a SpagoBI malicious Business User with RSM role ) can invoke via URL the servlet (action):

AdapterHTTP?ACTION_NAME=MANAGE_USER_ACTION

to gain SpagoBI Administrator privilege.
To reproduce the vulnerability follow the provided information and steps below:

Remote Privilege Escalation Attack has been successfully completed!

  1. Business Impact

Successful exploitation of the vulnerability may allow a remote, authenticated attacker to elevate privileges and obtain full access to the affected system.
The attacker could exploit the vulnerability to become administrator and retrieve or publish any kind of data.

  1. Systems Affected

This vulnerability was tested against: SpagoBI 4.0
Older versions are probably affected too, but they were not checked.

  1. Vendor Information, Solutions and Workarounds

This issue is fixed in SpagoBI v4.1, which can be downloaded from:
http://forge.ow2.org/project/showfiles.php?group_id=204

Fixed by vendor [verified]

  1. Credits

This vulnerability has been discovered by:
Christian Catalano aka wastasy ch(dot)catalano(at)gmail(dot)com

  1. Vulnerability History

October 08th, 2013: Vulnerability identification
October 22th, 2013: Vendor notification to [SpagoBI Team]
November 05th, 2013: Vendor Response/Feedback from [SpagoBI Team]
December 16th, 2013: Vendor Fix/Patch [SpagoBI Team]
January 16th, 2014: Fix/Patch Verified
February 28th, 2014: Vulnerability disclosure

  1. Disclaimer

The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or misuse of this information.

###################################################

Related for SECURITYVULNS:DOC:30656