By unserializing these objects, the SafeUnpickler class does not automatically apply the object’s ACLs. A user with access to the monitoring server (e.g. the operator) could create an object with an ACL that grants them access to the monitoring server. An attacker could use this to escalate their privileges on the monitoring server and gain access to other parts of the system. A user with access to the monitoring server (e.g. the operator) could create an object with an ACL that grants them access to the monitoring server. An attacker could use this to escalate their privileges on the monitoring server and gain access to other parts of the system. CVE-2018-5685 # This issue has been assigned the reference CVE-2018-5685. Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.
This class does not validate the object’s ACLs when unserializing the object. A user with access to the monitoring server (e.g. the operator) could create an object with an ACL that grants them access to the monitoring server. An attacker could use this to escalate their privileges on the monitoring server and gain access to other parts of the system. A user with access to the monitoring server (e.
References: https://github.com/shinken/shinken-monitoring/commit/b40e9f98c9d8db6daa7a1eb0d03c90569b2f635cc
CVE-2018-5685
# This issue has been assigned the reference CVE-2018-5685. Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.
Timeline
Published on: 10/20/2022 11:15:00 UTC
Last modified on: 10/21/2022 16:25:00 UTC