CVE-2023-0870

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0870

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0870.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0870

Aliases

GHSA-jxr6-7qg5-8wv6

Published

2023-03-22T19:15:11.817Z

Modified

2026-04-12T08:34:21.812939Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type

GIT

Repo

https://github.com/opennms/opennms

Events

Introduced

Fixed

c869ac19eb49215bfdbcf4a2a7220716db696dd4

Introduced

0d3624eadab83197935d675b014fa7d8190e0258

Fixed

e36df90dbecad93f8c6d25de40ee402b77e23c58

Introduced

85e3e796e0953e602941e8fcd6ccaab36f00cacb

Fixed

c8268647096da22bb467fb5a0a6b92bb103fc374

Introduced

2b771b66f9eeaf9b60dd3d8af2833d4bae66bf08

Fixed

84b4a9917258ab8a56ad770ccfba4f775b5a32a3

Introduced

Last affected

3619e2c44a6e3efe312f8f7f46a9d06955e01bb0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "31.0.6"
        },
        {
            "introduced": "2020.1.0"
        },
        {
            "fixed": "2020.1.33"
        },
        {
            "introduced": "2021.1.0"
        },
        {
            "fixed": "2021.1.25"
        },
        {
            "introduced": "2022.1.0"
        },
        {
            "fixed": "2022.1.14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2023.1.0"
        }
    ]
}

Affected versions

meridian-foundation-2020.*

meridian-foundation-2020.1.10-1

meridian-foundation-2020.1.11-1

meridian-foundation-2020.1.12-1

meridian-foundation-2020.1.13-1

meridian-foundation-2020.1.14-1

meridian-foundation-2020.1.15-1

meridian-foundation-2020.1.16-1

meridian-foundation-2020.1.17-1

meridian-foundation-2020.1.18-1

meridian-foundation-2020.1.19-1

meridian-foundation-2020.1.20-1

meridian-foundation-2020.1.21-1

meridian-foundation-2020.1.22-1

meridian-foundation-2020.1.23-1

meridian-foundation-2020.1.24-1

meridian-foundation-2020.1.25-1

meridian-foundation-2020.1.26-1

meridian-foundation-2020.1.27-1

meridian-foundation-2020.1.28-1

meridian-foundation-2020.1.29-1

meridian-foundation-2020.1.30-1

meridian-foundation-2020.1.31-1

meridian-foundation-2020.1.32-1

meridian-foundation-2021.*

meridian-foundation-2021.1.10-1

meridian-foundation-2021.1.11-1

meridian-foundation-2021.1.12-1

meridian-foundation-2021.1.14-1

meridian-foundation-2021.1.15-1

meridian-foundation-2021.1.16-1

meridian-foundation-2021.1.17-1

meridian-foundation-2021.1.18-1

meridian-foundation-2021.1.19-1

meridian-foundation-2021.1.2-1

meridian-foundation-2021.1.20-1

meridian-foundation-2021.1.21-1

meridian-foundation-2021.1.22-1

meridian-foundation-2021.1.23-1

meridian-foundation-2021.1.24-1

meridian-foundation-2021.1.3-1

meridian-foundation-2021.1.5-1

meridian-foundation-2021.1.6-1

meridian-foundation-2021.1.7-1

meridian-foundation-2021.1.8-1

meridian-foundation-2021.1.9-1

meridian-foundation-2022.*

meridian-foundation-2022.1.0-1

meridian-foundation-2022.1.1-1

meridian-foundation-2022.1.10-1

meridian-foundation-2022.1.11-1

meridian-foundation-2022.1.12-1

meridian-foundation-2022.1.13-1

meridian-foundation-2022.1.2-1

meridian-foundation-2022.1.3-1

meridian-foundation-2022.1.4-1

meridian-foundation-2022.1.5-1

meridian-foundation-2022.1.6-1

meridian-foundation-2022.1.7-1

meridian-foundation-2022.1.8-1

meridian-foundation-2022.1.9-1

meridian-foundation-2023.*

meridian-foundation-2023.1.0-1

opennms-1.*

opennms-1.11.1-1

opennms-1.11.3-1

opennms-1.13.2-1

opennms-1.9.0-1

opennms-1.9.4-1

opennms-1.9.93-1

opennms-20.*

opennms-20.0.0-1

opennms-25.*

opennms-25.0.0-1

opennms-25.1.0-1

opennms-25.1.1-1

opennms-25.1.2-1

opennms-25.2.0-1

opennms-25.2.1-1

opennms-31.*

opennms-31.0.0-1

opennms-31.0.1-1

opennms-31.0.4-1

space-integration-12.*

space-integration-12.2-code-freeze

Database specific

vanir_signatures_modified

"2026-04-12T08:34:21Z"

vanir_signatures

[
    {
        "id": "CVE-2023-0870-e1ca2707",
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "23136064305974959507363420800670550611",
                "292015173477044714786176247128172123664",
                "29507206020182196750159541926726832067",
                "289273862543051196620066023069107212341"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/opennms/opennms/commit/c869ac19eb49215bfdbcf4a2a7220716db696dd4",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-0870-e293e665",
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java",
            "function": "getFrameworkUrl"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "168779852667996611681406272899533616011",
            "length": 185.0
        },
        "signature_type": "Function",
        "source": "https://github.com/opennms/opennms/commit/c869ac19eb49215bfdbcf4a2a7220716db696dd4",
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0870.json"