CVE-2023-31572

8.8 HIGH

Authentication Bypass

📋 TL;DR

This vulnerability in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. It affects any system running the vulnerable Bludit release candidate version. Attackers with any authenticated account can gain full administrative control.

💻 Affected Systems

Products:

• Bludit

Versions: 4.0.0-rc-2

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the release candidate version 4.0.0-rc-2. Requires authenticated access to exploit.

📦 What is this software?

Bludit by Bludit

View all CVEs affecting Bludit →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the Bludit installation with administrative access, allowing content manipulation, data theft, and potential server compromise.

🟠

Likely Case

Unauthorized administrative access leading to website defacement, data manipulation, and installation of backdoors.

🟢

If Mitigated

Limited impact if strong authentication controls and network segmentation prevent unauthorized access attempts.

🌐 Internet-Facing: HIGH - Web applications are typically internet-facing and accessible to attackers.

🏢 Internal Only: MEDIUM - Lower risk if only accessible internally, but still vulnerable to insider threats.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires authenticated access but is simple to execute once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Upgrade to stable Bludit 4.0.0 or later

Vendor Advisory: https://github.com/bludit/bludit/releases

Restart Required: No

Instructions:

1. Backup your Bludit installation and database. 2. Download the latest stable version from the official Bludit repository. 3. Replace the vulnerable files with the updated version. 4. Verify functionality.

🔧 Temporary Workarounds

Restrict User Access

all

Limit authenticated user accounts to trusted individuals only and implement strong password policies.

Network Access Controls

all

Restrict access to the Bludit admin interface using firewall rules or network segmentation.

🧯 If You Can't Patch

• Implement strict access controls and monitor all authentication attempts
• Deploy web application firewall rules to detect and block privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Copy

Check the Bludit version in the admin panel or by examining the bl-kernel/boot.php file for version information.

Check Version:

Copy

Check admin panel or grep for version in bl-kernel/boot.php

Verify Fix Applied:

Copy

Confirm the version has been updated to 4.0.0 stable or later and test that password change functionality works only with proper authorization.

📡 Detection & Monitoring

Log Indicators:

• Unusual password change requests, especially for admin accounts
• Multiple failed authentication attempts followed by successful admin password change

Network Indicators:

• HTTP POST requests to password change endpoints from non-admin accounts

SIEM Query:

Copy

source="bludit_logs" AND (event="password_change" AND user!="admin")

📊 Metadata

CVE ID: CVE-2023-31572

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: May 16, 2023

Last Updated: January 23, 2025

🔗 References

• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2 Exploit,Third Party Advisory
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2 Exploit,Third Party Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON