CVE-2024-41661 Information
Description
reNgine is an automated reconnaissance framework for web applications. In versions 1.2.0 through 2.1.1, a command injection vulnerability in the WAF detection tool allows an authenticated attacker to remotely execute arbitrary commands as the root user. The URL query parameter url is passed to subprocess.check_output without any sanitization, resulting in a command injection vulnerability. This API endpoint is accessible to authenticated users with any user role. Because the process runs as root, an attacker has root access. Commit edd3c85ee16f93804ad38dac5602549d2d30a93e contains a patch for the issue.
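The following is an added example, not reNgine's code and not the patch from the commit above. It shows a hardened way to hand a request-supplied URL to an external tool through subprocess.check_output. The names DETECTOR, validate_url and detect_waf are hypothetical, and the detector is a stand-in that echoes its argument so the block runs offline.

```python
import subprocess
import sys
from urllib.parse import urlsplit

# Assumption: stand-in for the WAF detection binary. It prints the single
# argument it receives, which lets us observe exactly what the tool is given.
DETECTOR = [sys.executable, "-c", "import sys; print(sys.argv[1])"]

# Constructed sample input: a syntactically valid URL containing characters
# that a shell would treat as syntax (; $ ( ) |).
SAMPLE = "https://example.com/a;b?c=$(d)|e"


def validate_url(url: str) -> str:
    """Accept only http(s) URLs that carry a hostname; reject everything else."""
    if any(c.isspace() or ord(c) < 0x20 for c in url):
        raise ValueError("whitespace or control character in URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only http(s) URLs with a host are accepted")
    return url


def detect_waf(url: str) -> str:
    """Run the detector with an argument vector, so no shell parses the URL.

    The risky pattern is building one command string from the URL and running
    it with shell=True. Here the URL is a single argv element. Because
    validate_url requires an http/https scheme, the value cannot begin with
    '-' and be mistaken for a command-line option by the tool.
    """
    argv = DETECTOR + [validate_url(url)]
    out = subprocess.check_output(argv, shell=False, timeout=30, text=True)
    return out.strip()


if __name__ == "__main__":
    # The detector receives the URL byte-for-byte; nothing is interpreted.
    print(detect_waf(SAMPLE))
```

Running the worker that launches external tools as an unprivileged user, rather than root, limits the impact if an injection of this kind is reintroduced.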
Reference
https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4
https://github.com/yogeshojha/rengine/commit/3d5f1724dd12cf9861443742e7d7c02ff8c75a6f
https://github.com/yogeshojha/rengine/commit/edd3c85ee16f93804ad38dac5602549d2d30a93e
https://github.com/yogeshojha/rengine/blob/53d9f505f04861a5040195ea71f20907ff90577a/web/api/views.py#L268-L275