CVE-2024-5023: ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
The self-service flow for templated resources in ConsoleMe accepts a user-supplied JSON post body, which includes the filename for the templated resource. However, this user-supplied filename is not properly sanitized and is passed directly as a string to a CLI command. This allows users to input flags instead of filenames. By passing a specific flag with a filename value, users can induce an error that reveals the contents of the specified file, allowing them to read any files readable by the system user executing the ConsoleMe server process.
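An added illustration of the bug class described above and its fix, written for this page rather than taken from ConsoleMe's code; the function names, the filename rules and the `git` subcommands used are assumptions:

```python
from __future__ import annotations

import re
import subprocess

# Conservative allow-list for a templated-resource filename (assumption for this
# example): must start with a letter or digit, so a leading '-' can never reach git.
_ALLOWED_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def validate_template_filename(name: str) -> str:
    """Reject anything git could parse as an option or that leaves the repo.

    Raises ValueError on empty names, names starting with '-', path separators,
    '..' components and any character outside the allow-list.
    """
    if not name or not _ALLOWED_NAME.fullmatch(name):
        raise ValueError(f"invalid template filename: {name!r}")
    if name.startswith("-"):  # already excluded by the regex; kept as explicit intent
        raise ValueError(f"invalid template filename: {name!r}")
    return name


def vulnerable_git_command(subcommand: str, filename: str) -> str:
    """The bug pattern: the user-supplied filename is concatenated into the
    command string, so a value beginning with '-' is handed to git as a flag."""
    return f"git {subcommand} {filename}"


def build_git_argv(subcommand: list[str], filename: str) -> list[str]:
    """Hardened form: validated name, argv list (no shell), and a '--' separator
    so git stops option parsing before it sees the filename."""
    safe = validate_template_filename(filename)
    return ["git", *subcommand, "--", safe]


def run_git(subcommand: list[str], filename: str, repo_dir: str) -> subprocess.CompletedProcess:
    """Execute the hardened argv with the working directory pinned to the repo."""
    return subprocess.run(build_git_argv(subcommand, filename), cwd=repo_dir,
                          capture_output=True, text=True, check=False)
```

The `--` separator alone is not enough: a name containing `/` or `..` is still a path, so the allow-list validation stays in front of it.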
References
- github.com/Netflix/consoleme
- github.com/Netflix/consoleme/commit/2795a2bd553938a21c0643b37452971625ce67f5
- github.com/Netflix/consoleme/pull/9380
- github.com/Netflix/consoleme/security/advisories/GHSA-3783-62vc-jr7x
- github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-002.md
- github.com/advisories/GHSA-3783-62vc-jr7x
- nvd.nist.gov/vuln/detail/CVE-2024-5023