The CVE ID, Zenoss Bug ID, Summary and Impact Description columns were provided by Matasano Security; the Vendor Status column was provided by Zenoss. Issue numbers are used for cross-references within the table.

| # | CVE ID | Zenoss Bug ID | Summary | Impact Description | Vendor Status |
|---|---|---|---|---|---|
| 1 | CVE-2014-6253 | ZEN-12653 | Systemic Cross-Site Request Forgery | An attacker could use a cross-site request forgery to make a user perform actions without their knowledge. If the attacker can coerce a user into visiting a malicious page, the attacker can embed content that automatically issues a POST or GET request on behalf of the authenticated user, performing an arbitrary action. Furthermore, because the site also contains cross-site scripting vulnerabilities (see Issues #2 and #16), an attacker could use those to force a user to perform an action simply by passively viewing content on the control center site. | BACKLOG: We are internally tracking this as ZEN-12653. It has been assigned priority 3 for our next maintenance release on the Zenoss 5 line. |
| 2 | CVE-2014-6254 | ZEN-15381 | Systemic Stored Cross-Site Scripting in Zenoss Attributes | Attackers can cause authenticated users of the application to perform actions on behalf of the attacker, and to send data from the application to the attacker. In pages that display device names and details, report names or details, portlet names, and other information from Zenoss, data from the browser is integrated into pages without validation or encoding. This allows attackers to create links and form submissions that result in code of the attacker's choosing being integrated into the resulting pages. If an attacker can convince another user to click their link, or to view any web page on the internet that the attacker can partially control, the user's browser will execute the attacker's JavaScript in the context of the target site. | BACKLOG: We are internally tracking this as ZEN-15381. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 3 | CVE-2014-9245 | ZEN-15382 | Stack Trace Contains Internal URLs and Other Sensitive Information | Attempting to rename a product to a name containing special characters fails, and an error page containing a stack trace is returned. The stack trace includes internal URLs and other sensitive information that an attacker may use to plan further attacks, or in a social engineering attack. | BACKLOG: We are internally tracking this as ZEN-15382. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 4 | CVE-2014-6255 | ZEN-11998 | Open Redirect in Login Form | An open redirect is an endpoint that accepts a GET request with an arbitrary URL embedded in the path or query string and issues an HTTP redirect to that URL. This allows attackers to craft a link that appears to lead to the application but ends on a page controlled by the attacker. The login form accepts an arbitrary URL in the `came_from` query parameter and redirects the user to it after a successful login. | CLOSED: We are internally tracking this as ZEN-11998. It has been resolved in Zenoss 4.2.5 SP161. |
| 5 | CVE-2014-6261 | ZEN-12657 | Remote Code Execution via Version Check | An attacker who can get a victim to visit an attacker-controlled website while logged in to the Zenoss interface can execute arbitrary code on the Zenoss installation. Additionally, an attacker who can perform a man-in-the-middle attack between the Zenoss installation and Zenoss' corporate "callhome" server, or who controls the "callhome" server, can execute arbitrary code on the Zenoss installation. | BACKLOG: We are internally tracking this as ZEN-12657. It has been assigned priority 3 for our next maintenance release on the Zenoss 5 line. |
| 6 | CVE-2014-6256 | ZEN-15386 | Authorization Bypass Allows Moving Arbitrary Files | An attacker may be able to move files containing sensitive data into a publicly accessible directory, or place files containing attacker-controlled content into a location where they will be executed. | BACKLOG: We are internally tracking this as ZEN-15386. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 7 | CVE-2014-9246 | ZEN-15388 | Cross-Site Request Forgery Leads to ZenPack Installation | The Zenoss user interface allows suitably privileged users to upload ZenPacks, which are then unpacked and installed, and loaded by Zenoss after it restarts. Because this upload has no cross-site request forgery protection, an attacker can exploit it to run code on the Zenoss server when it is restarted. | BACKLOG: We are internally tracking this as ZEN-15388. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 8 | CVE-2014-9246 | ZEN-12691 | Sessions Do Not Expire | An attacker with access to a shared computer (such as a library or kiosk) could visit the Zenoss dashboard, record the session ID cookie it sets, and load that cookie into their own browser. When a victim later logs in to Zenoss on the shared computer, the attacker's copy of the session is authenticated as that user too (a session fixation attack that works because the session ID is neither rotated at login nor ever expired). | CLOSED: We are internally tracking this as ZEN-12691. It has been resolved in the latest Zenoss 4.2.5 SP. |
| 9 | CVE-2014-9247 | ZEN-15389 | User Enumeration via User Manager | Even as an unprivileged user, the ZenUsers page lists every user in the system together with their email address and roles. | BACKLOG: We are internally tracking this as ZEN-15389. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 10 | CVE-2014-9248 | ZEN-15406 | No Password Complexity Requirements | The application does not enforce any password complexity requirements, so a user may choose a weak password that an attacker can easily guess in order to log in to their account. | BACKLOG: We are internally tracking this as ZEN-15406. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 11 | CVE-2014-6257 | ZEN-15407 | Systemic Authorization Bypasses | An attacker may be able to trigger actions that were never meant to be triggered over HTTP, or actions that would normally require more permissions than their account has. The Zope platform on which Zenoss runs maps URLs to a tree of objects, treating the final path component as a method call on the object reached. Methods can be protected with a permission such as `ZEN_CHANGE_SETTINGS`, but the default for object methods is to be accessible. Many helper methods never intended to be invoked directly as web endpoints are unprotected, and can be called by any user who can view the underlying object. | BACKLOG: We are internally tracking this as ZEN-15407. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 12 | CVE-2014-9249 | ZEN-15408 | Exposed Services in Default Configuration | The default configuration leaves unnecessary ports open, exposing the backing databases and other services. An attacker may be able to read or modify system information in any of the available databases, use write access to one of the servers to inject data that abuses the trusted position those databases hold within Zenoss, or exploit a vulnerability in any of the other exposed software. | CLOSED: We are internally tracking this as ZEN-15408. We will not be addressing this in the Zenoss 4 line, and it has been resolved in the Zenoss 5 line. |
| 13 | CVE-2014-9250 | ZEN-10148 | Cookie Authentication is Insecure | An attacker able to retrieve the authentication cookie (which does not have the HttpOnly flag set) can recover the user's username and password from it. | CLOSED: We are internally tracking this as ZEN-10148. We are not planning a product change for this issue. We recommend that users wanting to use cookie-based authentication configure their Zenoss installation to operate over SSL/HTTPS. |
| 14 | CVE-2014-6254 | ZEN-15410 | Cross-Site Scripting from Exposed Helper Methods | Many "helper" methods on internal objects can be invoked directly via HTTP requests (see Issue #11). Various methods that perform string manipulation can be used to perform both stored and reflected cross-site scripting (XSS) attacks. | BACKLOG: We are internally tracking this as ZEN-15410. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 15 | CVE-2014-6258 | ZEN-15411 | Denial of Service from User-Supplied Regular Expression | A publicly accessible endpoint on the server lets a client supply both a regular expression and a string to match it against. An attacker can craft a pair whose matching requires exponential time, preventing the server from responding to other requests. | BACKLOG: We are internally tracking this as ZEN-15411. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 16 | CVE-2014-6260 | ZEN-15412 | Pager Command can be Edited Without Password Re-Entry | The command used to send a page to users can be edited by sufficiently privileged users without re-entering their password. Elsewhere in the system, editing a command requires the user's password precisely so that an attacker holding a logged-in administrator session cannot change commands. An attacker who gains access to an administrator's session (via an unlocked computer or another attack) could therefore change the pager command, causing users not to receive pages or leading to arbitrary command execution. | BACKLOG: We are internally tracking this as ZEN-15412. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 17 | CVE-2014-9251 | ZEN-15413 | Weak Password Hashing Algorithm | An attacker who obtains a copy of the Zenoss database may be able to brute-force user passwords. | BACKLOG: We are internally tracking this as ZEN-15413. It has been assigned priority 3 for our next maintenance release on the Zenoss 5 line. |
| 18 | CVE-2014-6259 | ZEN-15414 | Denial of Service via XML Recursive Entity Expansion ("Billion Laughs") | An attacker can submit an XML document whose nested entity definitions expand to an arbitrarily large amount of data, causing the server to consume arbitrarily large amounts of memory and CPU and resulting in a denial of service. | BACKLOG: We are internally tracking this as ZEN-15414. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
| 19 | CVE-2014-6262 | ZEN-15415 | Denial of Service via RRDtool Format String Vulnerability | A pair of format string vulnerabilities in RRDtool may lead to unwanted behaviour. Denial of service is confirmed: the Zenoss user interface may be unavailable while an attack using these vulnerabilities is under way. If the CVE-2013-2131 vulnerability is exploited, more sophisticated attacks could potentially lead to remote code execution. | CLOSED: We are internally tracking this as ZEN-15415. We will not be addressing this in the Zenoss 4 line, and it has been resolved in the Zenoss 5 line. |
| 20 | CVE-2014-9252 | ZEN-15416 | Plaintext Password Stored in Session on Server | An attacker who gains access to the session database can obtain plaintext copies of user passwords. The attacker may then use those passwords to authenticate to Zenoss, or to attempt attacks on other services where credential reuse is a possibility. | BACKLOG: We are internally tracking this as ZEN-15416. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line. |
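The systemic authorization bypass (Issue #11) and the XSS it enables (Issue #14) both stem from the same publishing model: any method reachable by traversal is an HTTP endpoint unless someone remembered to declare a permission on it. The following toy publisher is an added example, not Zenoss or Zope code; the object tree, the `Device` methods and the `protected` decorator are constructed to mirror the description, and `publish_deny_by_default` shows the inverted default that closes the class of bug.

```python
"""Toy model of Zope-style URL publishing (constructed example, not Zope code):
a URL such as /zport/dmd/Devices/web01/getId is traversed attribute by attribute
and its last component is called as a method."""

ZEN_VIEW = "ZEN_VIEW"
ZEN_CHANGE_SETTINGS = "ZEN_CHANGE_SETTINGS"


class Forbidden(Exception):
    """Caller lacks the permission the method declares."""


class NotFound(Exception):
    """Path does not resolve to a publishable endpoint."""


def protected(permission):
    """Stand-in for Zope's declareProtected: tag a method with a permission."""
    def decorate(fn):
        fn.__permission__ = permission
        return fn
    return decorate


class Folder:
    """Container node; children become attributes so getattr() traverses them."""
    def __init__(self, **children):
        for name, child in children.items():
            setattr(self, name, child)


class Device:
    def __init__(self, name):
        self.name = name
        self.prod_state = 1000

    @protected(ZEN_VIEW)
    def getId(self):
        return self.name

    @protected(ZEN_CHANGE_SETTINGS)
    def manage_setProdState(self, state=1000):
        self.prod_state = int(state)
        return "ok"

    # Internal helper: it mutates the device but carries no declaration, so
    # under allow-by-default publishing it is reachable by anyone who can traverse here.
    def setProdState(self, state=1000):
        self.prod_state = int(state)
        return "ok"


def traverse(root, path):
    obj = root
    for part in [p for p in path.split("/") if p]:
        # Names starting with "_" are refused; every other attribute is traversable.
        if part.startswith("_") or not hasattr(obj, part):
            raise NotFound(path)
        obj = getattr(obj, part)
    return obj


def publish_allow_by_default(root, path, user_perms, **query):
    """Every callable reached by traversal is an endpoint; only methods that
    explicitly declare a permission are checked (the bug class in Issue #11)."""
    target = traverse(root, path)
    if not callable(target):
        raise NotFound(path)
    needed = getattr(target, "__permission__", None)
    if needed is not None and needed not in user_perms:
        raise Forbidden(path)
    return target(**query)


def publish_deny_by_default(root, path, user_perms, **query):
    """Hardened variant: a method without a declaration is not an endpoint at
    all, so a forgotten helper cannot be invoked over HTTP."""
    target = traverse(root, path)
    needed = getattr(target, "__permission__", None)
    if not callable(target) or needed is None:
        raise NotFound(path)
    if needed not in user_perms:
        raise Forbidden(path)
    return target(**query)


def outcome(publisher, root, path, user_perms, **query):
    """Run one request and fold the result into a comparable string."""
    try:
        return "ok:%s" % publisher(root, path, user_perms, **query)
    except Forbidden:
        return "forbidden"
    except NotFound:
        return "not found"


def build_tree():
    return Folder(zport=Folder(dmd=Folder(Devices=Folder(web01=Device("web01")))))


if __name__ == "__main__":
    viewer = {ZEN_VIEW}   # may look at the device, may not change settings
    base = "/zport/dmd/Devices/web01/"
    for publisher in (publish_allow_by_default, publish_deny_by_default):
        tree = build_tree()
        for method in ("getId", "manage_setProdState", "setProdState"):
            print(publisher.__name__, method, outcome(publisher, tree, base + method, viewer, state=300))
```

With the allow-by-default publisher the viewer is correctly refused `manage_setProdState` but walks straight into `setProdState`, which does the same thing; with deny-by-default the undeclared helper is simply not a URL.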
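For the open redirect in Issue #4, the fix is to accept `came_from` only when it is a path on the application's own origin. The validator below is an added example, not the Zenoss patch; the default landing path `/zport/dmd` and the function names are constructed for illustration. It goes slightly beyond the single case in the table by also covering the encodings browsers accept that a naive "starts with a slash" check misses.

```python
"""Validating a post-login redirect target (constructed example, not Zenoss code)."""
from urllib.parse import unquote, urlsplit

DEFAULT_LANDING = "/zport/dmd"   # assumed landing page after login


def redirect_unchecked(came_from, default=DEFAULT_LANDING):
    """The vulnerable pattern: whatever the client sent becomes the Location header."""
    return came_from or default


def safe_came_from(came_from, default=DEFAULT_LANDING):
    """Return came_from only if it is an absolute path on this origin, else default.

    Every check runs on both the raw and the percent-decoded value, because
    the browser decodes before it resolves the Location header.
    """
    if not came_from:
        return default
    raw = came_from.strip()
    for value in (raw, unquote(raw)):
        # Must be "/path". "//host" and "///host" are scheme-relative URLs to a browser.
        if not value.startswith("/") or value.startswith("//"):
            return default
        # Browsers treat "\" like "/", so "/\evil.example" would also leave the site.
        if "\\" in value:
            return default
        # Control characters can split or truncate the Location header.
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
            return default
        parts = urlsplit(value)
        if parts.scheme or parts.netloc:
            return default
    return raw


if __name__ == "__main__":
    # Constructed sample inputs: the first two are legitimate, the rest are attacks.
    for candidate in ["/zport/dmd/Devices", "/zport/dmd?x=1#frag",
                      "https://evil.example/", "//evil.example/", "///evil.example/",
                      "/\\evil.example", "javascript:alert(1)", "%2F%2Fevil.example",
                      "/zport/dmd%0d%0aSet-Cookie:a=b"]:
        print("%-35r unchecked=%-35r safe=%r" % (candidate, redirect_unchecked(candidate), safe_came_from(candidate)))
```

The two-pass check matters: `%2F%2Fevil.example` fails the raw pass because it does not start with `/`, while a value that only becomes dangerous after decoding (a `%0d%0a` sequence, say) fails the decoded pass.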
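The "billion laughs" document in Issue #18 is small on the wire and enormous only after entity expansion, so the useful check is to bound the expansion before the parser does it. The estimator below is an added example, not Zenoss code; the expansion limit, the helper names and the sample documents are constructed for illustration, and only general entities declared in the internal DTD subset are modelled (parameter entities and external entities are out of scope here).

```python
"""Estimating XML entity expansion before parsing (constructed example)."""
import re

ENTITY_DECL = re.compile(r"""<!ENTITY\s+(\w+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
ENTITY_REF = re.compile(r"&(\w+);")
DEFAULT_LIMIT = 1_000_000   # assumed: largest expanded document we will accept


def entity_definitions(doc):
    """Map entity name -> replacement text for every internal declaration."""
    return {name: dq or sq for name, dq, sq in ENTITY_DECL.findall(doc)}


def expanded_length(name, defs, memo, active):
    """Length of the text `&name;` expands to, following nested references.

    `active` holds the names currently being expanded so a cycle
    (&a; -> &b; -> &a;) is reported instead of recursing forever.
    """
    if name in memo:
        return memo[name]
    if name not in defs:
        return len(name) + 2          # undeclared or built-in (&amp;): counted as written
    if name in active:
        raise ValueError("recursive entity reference: " + name)
    active.add(name)
    value = defs[name]
    total = len(ENTITY_REF.sub("", value))
    for ref in ENTITY_REF.findall(value):
        total += expanded_length(ref, defs, memo, active)
    active.remove(name)
    memo[name] = total
    return total


def estimated_expansion(doc):
    """Size the document body reaches once every reference is expanded."""
    defs = entity_definitions(doc)
    body = ENTITY_DECL.sub("", doc)   # references inside declarations are reached via defs
    memo, active = {}, set()
    total = len(ENTITY_REF.sub("", body))
    for ref in ENTITY_REF.findall(body):
        total += expanded_length(ref, defs, memo, active)
    return total


def safe_to_parse(doc, limit=DEFAULT_LIMIT):
    """Accept only documents whose expansion is bounded and acyclic."""
    try:
        return estimated_expansion(doc) <= limit
    except ValueError:
        return False


def billion_laughs(depth=9, fanout=10):
    """Build the classic payload (constructed sample input)."""
    decls = ['<!ENTITY lol "lol">']
    for i in range(1, depth + 1):
        prev = "lol" if i == 1 else "lol%d" % (i - 1)
        decls.append('<!ENTITY lol%d "%s">' % (i, ("&%s;" % prev) * fanout))
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n%s\n]>\n<lolz>&lol%d;</lolz>'
            % ("\n".join(decls), depth))


# Constructed sample documents.
BENIGN = '<?xml version="1.0"?><!DOCTYPE d [<!ENTITY co "Example Corp">]><d>&co; &amp; friends</d>'
CYCLIC = '<!DOCTYPE d [<!ENTITY a "&b;"><!ENTITY b "&a;">]><d>&a;</d>'

if __name__ == "__main__":
    payload = billion_laughs()
    print("payload bytes on the wire:", len(payload))
    print("payload bytes after expansion:", estimated_expansion(payload))
    for label, doc in (("benign", BENIGN), ("billion laughs", payload), ("cyclic", CYCLIC)):
        print("%-15s safe_to_parse=%s" % (label, safe_to_parse(doc)))
```

The memo makes the estimate linear in the number of declarations even though the expansion itself is exponential, which is the whole point: the check must be cheaper than the attack. In production Python code the same guarantee is more simply had from `defusedxml`, and libexpat 2.4 and later enforce an amplification limit of their own; the estimator shows what those protections are measuring.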