An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible.
References
Link | Resource |
---|---|
https://www.darkmatter.ae/xen1thlabs/librenms-authentication-bypass-vulnerability-xl-19-016/ | Exploit Third Party Advisory |
Configurations
Information
Published : 2019-09-09 06:15
Updated : 2020-08-24 10:37
NVD link : CVE-2019-10668
Mitre link : CVE-2019-10668
JSON object : View
CWE
CWE-306
Missing Authentication for Critical Function
Products Affected
librenms
- librenms