CVE-2023-40314

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-40314
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40314.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40314
Aliases
Published
2023-11-16T22:15:27Z
Modified
2024-05-14T11:48:12.617544Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker to access confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer.

Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

OpenNMS thanks Moshe Apelbaum for reporting this issue.

References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type
GIT
Repo
https://github.com/opennms/opennms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

meridian-foundation-2015.*

meridian-foundation-2015.1.0-1
meridian-foundation-2015.1.1-1
meridian-foundation-2015.1.10-1
meridian-foundation-2015.1.2-1
meridian-foundation-2015.1.3-1
meridian-foundation-2015.1.4-1
meridian-foundation-2015.1.5-1
meridian-foundation-2015.1.6-1
meridian-foundation-2015.1.7-1

meridian-foundation-2016.*

meridian-foundation-2016.1.1-1
meridian-foundation-2016.1.10-1
meridian-foundation-2016.1.15-1
meridian-foundation-2016.1.2-1
meridian-foundation-2016.1.3-1
meridian-foundation-2016.1.4-1
meridian-foundation-2016.1.5-1
meridian-foundation-2016.1.6-1
meridian-foundation-2016.1.7-1
meridian-foundation-2016.1.9-1

meridian-foundation-2017.*

meridian-foundation-2017.1.0-1
meridian-foundation-2017.1.10-1
meridian-foundation-2017.1.2-1
meridian-foundation-2017.1.3-1
meridian-foundation-2017.1.4-1
meridian-foundation-2017.1.5-1

meridian-foundation-2018.*

meridian-foundation-2018.1.30-1
meridian-foundation-2018.1.31-1

meridian-foundation-2019.*

meridian-foundation-2019.1.21-1
meridian-foundation-2019.1.22-1
meridian-foundation-2019.1.23-1
meridian-foundation-2019.1.24-1
meridian-foundation-2019.1.25-1
meridian-foundation-2019.1.26-1
meridian-foundation-2019.1.27-1
meridian-foundation-2019.1.28-1
meridian-foundation-2019.1.29-1
meridian-foundation-2019.1.30-1
meridian-foundation-2019.1.31-1
meridian-foundation-2019.1.32-1
meridian-foundation-2019.1.33-1
meridian-foundation-2019.1.34-1
meridian-foundation-2019.1.35-1
meridian-foundation-2019.1.36-1
meridian-foundation-2019.1.37-1
meridian-foundation-2019.1.38-1
meridian-foundation-2019.1.39-1
meridian-foundation-2019.1.40-1

meridian-foundation-2020.*

meridian-foundation-2020.1.10-1
meridian-foundation-2020.1.11-1
meridian-foundation-2020.1.12-1
meridian-foundation-2020.1.13-1
meridian-foundation-2020.1.14-1
meridian-foundation-2020.1.15-1
meridian-foundation-2020.1.16-1
meridian-foundation-2020.1.17-1
meridian-foundation-2020.1.18-1
meridian-foundation-2020.1.19-1
meridian-foundation-2020.1.20-1
meridian-foundation-2020.1.21-1
meridian-foundation-2020.1.22-1
meridian-foundation-2020.1.23-1
meridian-foundation-2020.1.24-1
meridian-foundation-2020.1.25-1
meridian-foundation-2020.1.26-1
meridian-foundation-2020.1.27-1
meridian-foundation-2020.1.28-1
meridian-foundation-2020.1.29-1
meridian-foundation-2020.1.30-1
meridian-foundation-2020.1.31-1
meridian-foundation-2020.1.32-1
meridian-foundation-2020.1.33-1
meridian-foundation-2020.1.34-1
meridian-foundation-2020.1.35-1
meridian-foundation-2020.1.36-1
meridian-foundation-2020.1.37-1
meridian-foundation-2020.1.38-1
meridian-foundation-2020.1.39-1
meridian-foundation-2020.1.40-1

meridian-foundation-2021.*

meridian-foundation-2021.1.10-1
meridian-foundation-2021.1.11-1
meridian-foundation-2021.1.12-1
meridian-foundation-2021.1.14-1
meridian-foundation-2021.1.15-1
meridian-foundation-2021.1.16-1
meridian-foundation-2021.1.17-1
meridian-foundation-2021.1.18-1
meridian-foundation-2021.1.19-1
meridian-foundation-2021.1.2-1
meridian-foundation-2021.1.20-1
meridian-foundation-2021.1.21-1
meridian-foundation-2021.1.22-1
meridian-foundation-2021.1.23-1
meridian-foundation-2021.1.24-1
meridian-foundation-2021.1.25-1
meridian-foundation-2021.1.26-1
meridian-foundation-2021.1.27-1
meridian-foundation-2021.1.28-1
meridian-foundation-2021.1.29-1
meridian-foundation-2021.1.3-1
meridian-foundation-2021.1.30-1
meridian-foundation-2021.1.31-1
meridian-foundation-2021.1.32-1
meridian-foundation-2021.1.33-1
meridian-foundation-2021.1.4-1
meridian-foundation-2021.1.5-1
meridian-foundation-2021.1.6-1
meridian-foundation-2021.1.7-1
meridian-foundation-2021.1.8-1
meridian-foundation-2021.1.9-1

meridian-foundation-2022.*

meridian-foundation-2022.1.0-1
meridian-foundation-2022.1.1-1
meridian-foundation-2022.1.10-1
meridian-foundation-2022.1.11-1
meridian-foundation-2022.1.12-1
meridian-foundation-2022.1.13-1
meridian-foundation-2022.1.14-1
meridian-foundation-2022.1.15-1
meridian-foundation-2022.1.16-1
meridian-foundation-2022.1.17-1
meridian-foundation-2022.1.18-1
meridian-foundation-2022.1.19-1
meridian-foundation-2022.1.2-1
meridian-foundation-2022.1.20-1
meridian-foundation-2022.1.21-1
meridian-foundation-2022.1.22-1
meridian-foundation-2022.1.3-1
meridian-foundation-2022.1.4-1
meridian-foundation-2022.1.5-1
meridian-foundation-2022.1.6-1
meridian-foundation-2022.1.7-1
meridian-foundation-2022.1.8-1
meridian-foundation-2022.1.9-1

meridian-foundation-2023.*

meridian-foundation-2023.1.0-1
meridian-foundation-2023.1.1-1
meridian-foundation-2023.1.2-1
meridian-foundation-2023.1.3-1
meridian-foundation-2023.1.4-1
meridian-foundation-2023.1.5-1
meridian-foundation-2023.1.6-1
meridian-foundation-2023.1.7-1
meridian-foundation-2023.1.8-1
meridian-foundation-2023.1.9-1

opennms-1.*

opennms-1.10.0-1
opennms-1.10.1-1
opennms-1.10.10-1
opennms-1.10.11-1
opennms-1.10.12-1
opennms-1.10.13-1
opennms-1.10.14-1
opennms-1.10.2-1
opennms-1.10.3-1
opennms-1.10.4-1
opennms-1.10.5-1
opennms-1.10.6-1
opennms-1.10.7-1
opennms-1.10.8-1
opennms-1.10.9-1
opennms-1.11.0-1
opennms-1.11.1-1
opennms-1.11.3-1
opennms-1.11.90-1
opennms-1.11.91-1
opennms-1.11.92-1
opennms-1.11.93-1
opennms-1.11.94-1
opennms-1.12.0-1
opennms-1.12.1-1
opennms-1.12.2-1
opennms-1.12.3-1
opennms-1.12.4-1
opennms-1.12.5-1
opennms-1.12.6-1
opennms-1.12.7-1
opennms-1.12.8-1
opennms-1.12.9-1
opennms-1.13.0-1
opennms-1.13.1-1
opennms-1.13.2-1
opennms-1.13.3-1
opennms-1.13.4-1
opennms-1.7.9
opennms-1.9.0-1
opennms-1.9.3-2
opennms-1.9.4-1
opennms-1.9.5-1
opennms-1.9.6-1
opennms-1.9.7-1
opennms-1.9.8-1
opennms-1.9.90-1
opennms-1.9.91-1
opennms-1.9.92-1
opennms-1.9.93-1

opennms-14.*

opennms-14.0.0-1
opennms-14.0.1-1
opennms-14.0.2-1
opennms-14.0.3-1
opennms-14.0.3-2

opennms-15.*

opennms-15.0.0-1
opennms-15.0.1-1
opennms-15.0.2-1

opennms-16.*

opennms-16.0.0-1
opennms-16.0.1-1
opennms-16.0.2-1
opennms-16.0.3-1
opennms-16.0.4-1

opennms-17.*

opennms-17.0.0-1
opennms-17.1.0-1
opennms-17.1.1-1
opennms-17.1.1-2
opennms-17.1.1-3

opennms-18.*

opennms-18.0.0-1
opennms-18.0.1-1
opennms-18.0.2-1
opennms-18.0.3-1
opennms-18.0.4-1

opennms-19.*

opennms-19.0.0-1
opennms-19.0.1-1
opennms-19.1.0-1

opennms-20.*

opennms-20.0.0-1
opennms-20.0.1-1
opennms-20.0.2-1
opennms-20.1.0-1

opennms-21.*

opennms-21.0.0-1
opennms-21.0.1-1
opennms-21.0.2-1
opennms-21.0.3-1
opennms-21.0.4-1
opennms-21.0.5-1
opennms-21.1.0-1

opennms-22.*

opennms-22.0.0-1
opennms-22.0.1-1
opennms-22.0.2-1
opennms-22.0.3-1
opennms-22.0.4-1

opennms-23.*

opennms-23.0.0-1
opennms-23.0.1-1
opennms-23.0.2-1
opennms-23.0.3-1
opennms-23.0.4-1

opennms-24.*

opennms-24.0.0-1
opennms-24.1.0-1
opennms-24.1.1-1
opennms-24.1.2-1
opennms-24.1.3-1

opennms-25.*

opennms-25.0.0-1
opennms-25.1.0-1
opennms-25.1.1-1
opennms-25.1.2-1
opennms-25.2.0-1
opennms-25.2.1-1

opennms-26.*

opennms-26.0.0-1
opennms-26.0.1-1
opennms-26.1.0-1
opennms-26.1.1-1
opennms-26.1.2-1
opennms-26.1.3-1
opennms-26.2.0-1
opennms-26.2.1-1
opennms-26.2.2-1

opennms-27.*

opennms-27.0.0-1
opennms-27.0.1-1
opennms-27.0.2-1
opennms-27.0.3-1
opennms-27.0.4-1
opennms-27.0.5-1
opennms-27.1.0-1
opennms-27.1.1-1
opennms-27.2.0-1

opennms-28.*

opennms-28.0.0-2
opennms-28.0.1-1
opennms-28.0.2-1
opennms-28.0.2-2
opennms-28.1.0-1
opennms-28.1.1-1

opennms-29.*

opennms-29.0.0-1
opennms-29.0.1-1
opennms-29.0.10-1
opennms-29.0.2-1
opennms-29.0.3-1
opennms-29.0.4-1
opennms-29.0.5-1
opennms-29.0.6-1
opennms-29.0.7-1
opennms-29.0.8-1
opennms-29.0.9-1

opennms-30.*

opennms-30.0.0-1
opennms-30.0.1-1
opennms-30.0.2-1
opennms-30.0.3-1
opennms-30.0.4-1

opennms-31.*

opennms-31.0.0-1
opennms-31.0.1-1
opennms-31.0.2-1
opennms-31.0.3-1
opennms-31.0.4-1
opennms-31.0.5-1
opennms-31.0.6-1
opennms-31.0.7-1
opennms-31.0.8-1
opennms-31.0.9-1

opennms-32.*

opennms-32.0.0-1
opennms-32.0.1-1
opennms-32.0.2-1
opennms-32.0.3-1
opennms-32.0.4-1

space-integration-12.*

space-integration-12.2-code-freeze