CVE-2024-10126
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.
https://nvd.nist.gov/vuln/detail/CVE-2024-10126
Categories
CWE-552 : Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.). When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access. Example: a data file placed under the web root.
References
CPE
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date |
| --- | --- | --- |
| No known exploits | | |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
| --- | --- | --- |
| 150 | Collect Data from Common Resource Locations: An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc directory on Unix systems. Adversaries can take advantage of this to commit other types of attacks. | Medium |
| 639 | Probe System Files: An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information. | Medium |
MITRE
Techniques
| id | description |
| --- | --- |
| T1003 | OS Credential Dumping |
| T1039 | Data from Network Shared Drive |
| T1119 | Automated Collection |
| T1213 | Data from Information Repositories |
| T1530 | Data from Cloud Storage Object |
| T1552.001 | Unsecured Credentials: Credentials In Files |
| T1552.003 | Unsecured Credentials: Bash History |
| T1552.004 | Unsecured Credentials: Private Keys |
| T1552.006 | Unsecured Credentials: Group Policy Preferences |
| T1555 | Credentials from Password Stores |
| T1602 | Data from Configuration Repository |

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
Mitigations
| id | description |
| --- | --- |
| T1003 | Limit credential overlap across accounts and systems by training users and administrators not to use the same password for multiple accounts. |
| T1119 | Encryption and off-system storage of sensitive information may be one way to mitigate collection of files, but may not stop an adversary from acquiring the information if an intrusion persists over a long period of time and the adversary is able to discover and access the data through other means. |
| T1213 | Develop and publish policies that define acceptable information to be stored in repositories. |
| T1530 | Configure user permissions groups and roles for access to cloud storage. Implement strict Identity and Access Management (IAM) controls to prevent access to storage solutions except for the applications, users, and services that require access. Ensure that temporary access tokens are issued rather than permanent credentials, especially when access is being granted to entities outside of the internal security boundary. |
| T1552.001 | Ensure that developers and system administrators are aware of the risk associated with having plaintext passwords in software configuration files that may be left on endpoint systems or servers. |
| T1552.003 | There are multiple methods of preventing a user's command history from being flushed to their .bash_history file, including use of the following commands: `set +o history` to stop logging and `set -o history` to start logging again; `unset HISTFILE` added to a user's .bashrc file; and `ln -s /dev/null ~/.bash_history` to write commands to `/dev/null` instead. |
| T1552.004 | Ensure permissions are properly set on folders containing sensitive private keys to prevent unintended access. Additionally, on Cisco devices, set the `nonexportable` flag during RSA key pair generation. |
| T1552.006 | Apply patch KB2962486, which prevents credentials from being stored in GPPs. |
| T1555 | Perform regular software updates to mitigate exploitation risk. |
| T1602 | Keep system images and software updated and migrate to SNMPv3. |

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.