JVN#96209256
Multiple vulnerabilities in Pleasanter
Overview
Pleasanter provided by Implem Inc. contains multiple vulnerabilities.
Products Affected
CVE-2023-34439, CVE-2023-45210, CVE-2023-46688
- Pleasanter 1.3.47.0 and earlier versions
CVE-2023-41890
- Pleasanter 1.3.46.1 and earlier versions which use SAML (Security Assertion Markup Language) authentication
Description
Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.
- Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-34439
  CVSS v3: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, Base Score 5.4
  CVSS v2: AV:N/AC:M/Au:S/C:N/I:P/A:N, Base Score 3.5
- Improper access control vulnerability (CWE-284) - CVE-2023-45210
  CVSS v3: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N, Base Score 3.5
  CVSS v2: AV:N/AC:M/Au:S/C:P/I:N/A:N, Base Score 3.5
- Open redirect vulnerability (CWE-601) - CVE-2023-46688
  CVSS v3: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N, Base Score 3.4
  CVSS v2: AV:N/AC:H/Au:N/C:N/I:P/A:N, Base Score 2.6
- Authentication bypass vulnerability by SAML (CWE-289) - CVE-2023-41890
  This issue is caused by a vulnerability in the Sustainsys.Saml2 library used in the product.
  CVSS v3: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N, Base Score 5.9
  CVSS v2: AV:N/AC:M/Au:N/C:N/I:P/A:N, Base Score 4.3
Impact
- An arbitrary script may be executed on the user's web browser - CVE-2023-34439
- A user may view temporary files uploaded by other users that the user is not permitted to access - CVE-2023-45210
- When accessing a specially crafted URL under certain conditions, the user may be redirected to an arbitrary website - CVE-2023-46688
- A remote attacker may impersonate a legitimate user, and log in to the system that uses the product - CVE-2019-5966
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions that contain fixes for the vulnerabilities.
CVE-2023-34439, CVE-2023-45210, CVE-2023-46688
- Pleasanter 1.3.48.0
CVE-2023-41890
- Pleasanter 1.3.47.0
Vendor Status
Vendor | Link
Implem Inc. | Multiple Vulnerabilities in Pleasanter (Text in Japanese)
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2023-34439, CVE-2023-45210
Sato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-46688
Yoichi Tsuzuki of FFRI Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Implem Inc. reported to IPA that CVE-2023-41890 vulnerability still exists in the product. JPCERT/CC coordinated with the developer.
Other Information
Source | Reference
JPCERT Alert | (none)
JPCERT Reports | (none)
CERT Advisory | (none)
CPNI Advisory | (none)
TRnotes | (none)
CVE | CVE-2023-34439, CVE-2023-45210, CVE-2023-46688, CVE-2023-41890
JVN iPedia | JVNDB-2023-000112