3.5 LOW
- CVSS version: 3.1
- Attack vector (AV): ADJACENT_NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): NONE
Activity log
- Created suggestion
The Asterisk embedded web server's /httpstatus page echoes user-supplied values (cookie and query string) without sanitization
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user-supplied (attacker-controlled) values for cookies and any GET query-string parameter are interpolated directly into the HTML of the page using ast_str_append. The vulnerable endpoint is GET /httpstatus, handled in asterisk/main/http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
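As an added illustration (not Asterisk's own code and not the project's actual patch), the following shows the output encoding a status page needs before a cookie or query-string value is appended to HTML. The buffer helpers and render_row are hypothetical stand-ins for ast_str_append, and the inputs are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Append src to dst (capacity cap), HTML-escaping the characters that would let
 * a reflected request value break out of text content or an attribute value.
 * Returns the new length, or -1 if dst cannot hold the escaped result. */
static int html_escape_append(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst);
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > cap) return -1;
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return (int)used;
}

/* Append trusted markup verbatim (our own literals, never request data). */
static int raw_append(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst), n = strlen(src);
    if (used + n + 1 > cap) return -1;
    memcpy(dst + used, src, n + 1);
    return (int)(used + n);
}

/* Hypothetical row renderer: name and value come straight from a cookie or
 * query string, so both pass through html_escape_append before hitting the page. */
int render_row(char *out, size_t cap, const char *name, const char *value)
{
    out[0] = '\0';
    if (raw_append(out, cap, "<tr><td>") < 0) return -1;
    if (html_escape_append(out, cap, name) < 0) return -1;
    if (raw_append(out, cap, "</td><td>") < 0) return -1;
    if (html_escape_append(out, cap, value) < 0) return -1;
    return raw_append(out, cap, "</td></tr>\n");
}
```

The unescaped variant of this pattern (appending name and value with raw_append) is exactly the class of defect the advisory describes; a regression test that asserts no literal "<" from request data survives in the rendered page catches it.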
References
- https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh (x_refsource_CONFIRM)
Affected products
- < 22.8.2
- < 20.7-cert9
- < 23.2.2
- < 21.12.1
- < 20.18.2
Matching in nixpkgs
- pkgs.asterisk_18: Software implementation of a telephone private branch exchange (PBX) (nixos-unstable 18.26.3)
- pkgs.asterisk_20: Software implementation of a telephone private branch exchange (PBX)
- pkgs.asterisk_22: Software implementation of a telephone private branch exchange (PBX)
- pkgs.asterisk_23: Software implementation of a telephone private branch exchange (PBX)
- pkgs.asterisk-ldap: Software implementation of a telephone private branch exchange (PBX)
- pkgs.asterisk-module-sccp: Replacement for the SCCP channel driver in Asterisk (nixos-unstable 4.3.5)
- pkgs.python312Packages.asterisk-mbox: Client side of a client/server to interact with Asterisk voicemail mailboxes (nixos-unstable 0.5.0)
- pkgs.python313Packages.asterisk-mbox: Client side of a client/server to interact with Asterisk voicemail mailboxes
- pkgs.python314Packages.asterisk-mbox: Client side of a client/server to interact with Asterisk voicemail mailboxes
Package maintainers
- @DerTim1 Tim Digel <tim.digel@active-group.de>
- @auntieNeo Jonathan Glines <auntieNeo@gmail.com>
- @yorickvP Yorick van Pelt <yorickvanpelt@gmail.com>
- @dasJ Janne Heß <janne@hess.ooo>
- @dotlambda <nix@dotlambda.de>