Published: 2024/04/10  Last Updated: 2024/04/10

JVN#70977403
Multiple vulnerabilities in a-blog cms

Overview

a-blog cms contains multiple vulnerabilities.

Products Affected

CVE-2024-30419, CVE-2024-31394, CVE-2024-31395

  • a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12
  • a-blog cms Ver.3.0.x series versions prior to Ver.3.0.32
  • a-blog cms Ver.2.11.x series versions prior to Ver.2.11.61
  • a-blog cms Ver.2.10.x series versions prior to Ver.2.10.53
According to the developer, a-blog cms Ver.2.9 and earlier versions, which are now unsupported, are affected by the vulnerabilities as well.

CVE-2024-30420, CVE-2024-31396
  • a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12
  • a-blog cms Ver.3.0.x series versions prior to Ver.3.0.32
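A small triage helper, added here as an example and not part of the JVN advisory or of appleple's own code, that maps an installed a-blog cms version to the CVE ids from this advisory that still apply to it. It encodes the fixed versions listed above, treats the unsupported 2.9 and earlier series as affected by the three CVEs the developer named, and returns None for a series the advisory does not cover. The version strings it accepts ("Ver.3.1.11" or "3.1.11") are an assumption about the product's version format.

```python
import re

# Fixed versions per series, taken from the advisory's "Products Affected" list.
# Ver.2.9 and earlier are unsupported and, according to the developer, are also
# affected by the three CVEs listed for the 2.10/2.11 series (no fixed release).
FIXED_VERSIONS = {
    (3, 1): (3, 1, 12),
    (3, 0): (3, 0, 32),
    (2, 11): (2, 11, 61),
    (2, 10): (2, 10, 53),
}
CVES_ALL_SERIES = ("CVE-2024-30419", "CVE-2024-31394", "CVE-2024-31395")
CVES_3X_ONLY = ("CVE-2024-30420", "CVE-2024-31396")


def parse_version(text):
    """Parse 'Ver.3.1.11' or '3.1.11' into a (major, minor, patch) tuple.

    The accepted format is an assumption for this example."""
    m = re.fullmatch(r"(?:Ver\.)?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised a-blog cms version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def affected_cves(version_text):
    """Return the CVE ids from JVN#70977403 that apply to the installed version.

    Returns an empty list for a fixed release and None when the series is not
    covered by the advisory (for example a series newer than 3.1)."""
    major, minor, patch = parse_version(version_text)
    series = (major, minor)
    if series in FIXED_VERSIONS:
        if (major, minor, patch) >= FIXED_VERSIONS[series]:
            return []
        # 3.0.x / 3.1.x carry all five CVEs; 2.10.x / 2.11.x only three.
        return list(CVES_ALL_SERIES + CVES_3X_ONLY) if major >= 3 else list(CVES_ALL_SERIES)
    if series < (2, 10):
        # Unsupported series: affected per the developer, and no fix will ship.
        return list(CVES_ALL_SERIES)
    return None


if __name__ == "__main__":
    for v in ["Ver.3.1.11", "3.1.12", "2.11.60", "2.9.40", "3.2.0"]:
        print(v, affected_cves(v))
```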

Description

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.

  • Stored cross-site scripting vulnerability in Entry editing pages (CWE-79)
    • CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4
    • CVE-2024-30419
  • Server-side request forgery (CWE-918)
    • CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score 4.4
    • CVE-2024-30420
  • Directory traversal (CWE-22)
    • CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
    • CVE-2024-31394
  • Stored cross-site scripting vulnerability in Schedule labeling pages (CWE-79)
    • CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4
    • CVE-2024-31395
  • Code injection (CWE-94)
    • CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.6
    • CVE-2024-31396

Impact

  • A user with a contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product (CVE-2024-30419)
  • A user with an administrator or higher privilege who can log in to the product may obtain arbitrary files on the server and information on the internal server that is not disclosed to the public (CVE-2024-30420)
  • A user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server (CVE-2024-31394)
  • A user with an editor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the schedule management page (CVE-2024-31395)
  • A user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server (CVE-2024-31396)

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Apply the workaround
For CVE-2024-30420, CVE-2024-31394, CVE-2024-31395, and CVE-2024-31396 vulnerabilities, the developer also recommends applying workarounds to mitigate the impacts of these vulnerabilities.

For more information, refer to the information provided by the developer.

Vendor Status

Vendor: appleple inc.
Status: Vulnerable
Last Update: 2024/04/10
Vendor Notes: appleple inc. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Rikuto Tauchi of sangi reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2024-30419, CVE-2024-30420, CVE-2024-31394, CVE-2024-31395, CVE-2024-31396
JVN iPedia: JVNDB-2024-000039