This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Thruk < 3.16 has an **OS Command Injection** flaw. π When generating PDF reports, it mishandles URL parameters.β¦
π‘οΈ **Root Cause**: **CWE-94** (Code Injection). π The flaw lies in improper handling of URL inputs during PDF generation. π The vulnerable script is `/script/html2pdf.sh`. It fails to sanitize inputs before execution.
Q3Who is affected? (Versions/Components)
π’ **Affected**: **Thruk** by developer **Sven Nierlein** (sni). π **Versions**: All versions **prior to 3.16**. π It is an open-source multi-backend monitoring web interface.
Q4What can hackers do? (Privileges/Data)
π **Attacker Actions**: Authorized users can inject **arbitrary commands**. π₯οΈ These execute via `/script/html2pdf.sh`. π **Impact**: High severity (CVSS 9.8).β¦
π **Threshold**: **Medium**. π Requires **Authentication** (PR:L). β οΈ You must have **report generation access**. π Attack vector is **Network** (AV:N) with **Low Complexity** (AC:L). No user interaction needed (UI:N).
Q6Is there a public Exp? (PoC/Wild Exploitation)
π« **Public Exp**: **None listed** in current data. π `pocs` array is empty. π However, the GitHub Advisory and Commit links are provided for verification. π΅οΈββοΈ Wild exploitation is not yet confirmed public.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: 1. Check Thruk version (< 3.16). π 2. Look for `/script/html2pdf.sh` script. π 3. Test PDF report generation with malicious URL payloads. π‘ Use scanners targeting CWE-94 in Thruk modules.
Q8Is it fixed officially? (Patch/Mitigation)
β **Fixed**: **Yes**. π Published: 2024-07-15. π οΈ **Patch**: Upgrade to **Thruk 3.16** or later. π Reference: GitHub Security Advisory (GHSA-r7gx-h738-4w6f) and Commit 7e7eb25.