CVE-2023-34096

Thruk has Path Traversal Vulnerability in panorama.pm

CVSS 6.5 (MEDIUM) · EPSS 62.7% · CWE-22
Vexday Risk Score: 45 (Attention)
SSVC decision (CISA): Attend
PoC available → attend closely
KEV: no · Public PoC: yes · Nuclei · Metasploit · Patch
Lifecycle
08 Jun 2023: Published on NVD
09 Jun 2023: Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Thruk is a multi-backend monitoring web interface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder that has write permissions on the affected system. The `location` parameter is not filtered, validated or sanitized and accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
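The root cause described above is an upload destination built from an unvalidated `location` parameter. The following is an added illustration of the defensive pattern that closes this class of bug (segment checks plus a post-canonicalization containment test); it is example code written for this page, not Thruk's code or its fix, and the function and directory names are hypothetical.

```python
import os
from pathlib import Path


def resolve_upload_target(base_dir: str, location: str, filename: str) -> Path:
    """Return the canonical destination for an upload, or raise ValueError.

    Hypothetical hardened form of the vulnerable pattern
    `os.path.join(base_dir, location, filename)` with `location` unchecked.
    `location` is treated as a relative sub-path that must stay inside base_dir.
    """
    base = Path(base_dir).resolve()
    # Reject absolute locations up front; everything must be relative to base.
    if os.path.isabs(location) or location.startswith(("/", "\\")):
        raise ValueError("absolute location not allowed")
    # The traversal in CVE-2023-34096 needed only '.' and '/', so reject any
    # '..' segment explicitly and disallow NUL bytes in segments.
    for part in Path(location).parts:
        if part == ".." or "\0" in part:
            raise ValueError(f"invalid path segment: {part!r}")
    # The filename must be a bare name: no separators, no '.' or '..'.
    if Path(filename).name != filename or filename in ("", ".", ".."):
        raise ValueError("invalid filename")
    target = (base / location / filename).resolve()
    # Containment check after canonicalization: catches symlink tricks and any
    # normalization the segment checks above did not anticipate.
    if target != base and base not in target.parents:
        raise ValueError("location escapes the upload directory")
    return target


def check_location(base_dir: str, location: str, filename: str):
    """Return (accepted, detail): the relative target path, or the rejection reason.

    Convenience wrapper so a decision can be logged or asserted in tests.
    """
    try:
        target = resolve_upload_target(base_dir, location, filename)
        return True, str(target.relative_to(Path(base_dir).resolve()))
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample inputs: one benign, three traversal attempts.
    for loc, name in [("icons/custom", "logo.png"), ("../../etc", "passwd"),
                      ("/etc", "crontab"), ("icons", "../x")]:
        print(loc, name, "->", check_location("uploads", loc, name))
```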
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products
sni · Thruk
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
