Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310114467Pi-hole Core < 5.18 Authenticated Arbitrary File Read Vulnerability
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%
Pi-hole Core is prone to an authenticated arbitrary file read
vulnerability.
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:pi-hole:pi-hole";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.114467");
script_version("2024-03-29T05:05:27+0000");
script_tag(name:"last_modification", value:"2024-03-29 05:05:27 +0000 (Fri, 29 Mar 2024)");
script_tag(name:"creation_date", value:"2024-03-28 15:09:50 +0000 (Thu, 28 Mar 2024)");
script_tag(name:"cvss_base", value:"8.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:P/A:P");
script_cve_id("CVE-2024-28247");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Pi-hole Core < 5.18 Authenticated Arbitrary File Read Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_pi-hole_http_detect.nasl");
script_mandatory_keys("pi-hole/detected");
script_tag(name:"summary", value:"Pi-hole Core is prone to an authenticated arbitrary file read
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw allows an authenticated user on the platform to read
internal server files arbitrarily, and because the application runs from behind, reading files is
done as a privileged user.");
script_tag(name:"affected", value:"Pi-hole Core versions 5.17.3 and prior.");
script_tag(name:"solution", value:"Update to version 5.18 or later.");
script_xref(name:"URL", value:"https://pi-hole.net/blog/2024/03/27/pi-hole-core-v5-18-released-to-fix-an-authenticated-arbitrary-file-read-with-root-privileges-vulnerability/");
script_xref(name:"URL", value:"https://github.com/pi-hole/pi-hole/security/advisories/GHSA-95g6-7q26-mp9x");
script_xref(name:"URL", value:"https://github.com/pi-hole/pi-hole/commit/9dd138b03348f24a001d60f27e29c8c62af28871");
script_xref(name:"URL", value:"https://github.com/pi-hole/pi-hole/commit/f3af03174e676c20e502a92ed7842159f2fdeb7e");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (isnull(port = get_app_port(cpe: CPE)))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "5.18")) {
report = report_fixed_ver(installed_version: version, fixed_version: "5.18", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
References
github.com/pi-hole/pi-hole/commit/9dd138b03348f24a001d60f27e29c8c62af28871
github.com/pi-hole/pi-hole/commit/f3af03174e676c20e502a92ed7842159f2fdeb7e
github.com/pi-hole/pi-hole/security/advisories/GHSA-95g6-7q26-mp9x
pi-hole.net/blog/2024/03/27/pi-hole-core-v5-18-released-to-fix-an-authenticated-arbitrary-file-read-with-root-privileges-vulnerability/
Related
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%