CVE-2024-1034

7.3 HIGH

📋 TL;DR

This critical vulnerability in openBI allows attackers to upload arbitrary files without restrictions via the uploadFile function. This affects all openBI installations up to version 1.0.8 and can be exploited remotely without authentication.

💻 Affected Systems

Products:
  • openBI
Versions: up to 1.0.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the File.php controller component; any openBI installation with file upload functionality enabled is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via remote code execution by uploading webshells or malicious scripts, leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Webshell upload leading to unauthorized access, data exfiltration, or server takeover.

🟢

If Mitigated

Limited impact if file uploads are disabled or strict file type validation is enforced.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed; simple HTTP requests can trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available; upgrade to a version above 1.0.8 if released, or apply workarounds.

🔧 Temporary Workarounds

Disable file upload functionality

all

Temporarily disable the vulnerable uploadFile endpoint or restrict access to it.

# Modify /application/index/controller/File.php to comment out or remove uploadFile method
# Or use web server rules to block access to the endpoint

Implement strict file validation

all

Add server-side validation to restrict file types, extensions, and content.

# In uploadFile function, add checks for allowed extensions (e.g., only .jpg, .png)
# Validate MIME types and scan files for malicious content
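The checks sketched in the two comments above, written out as a complete PHP upload handler. This is an added illustration, not openBI's own code: the function name storeUploadSafely, the allow-list of extensions and MIME types, the upload directory and the form field name are all assumptions for the example, chosen to show the order in which the checks should run.

```php
<?php
// Added example of strict server-side upload validation (not openBI code).
// Function names, the allow-list and the upload directory are assumptions.
declare(strict_types=1);

// Allow-list: accepted extensions and the content-sniffed MIME types each may carry.
const ALLOWED_TYPES = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'csv'  => ['text/csv', 'text/plain'],
];

/**
 * Validate one $_FILES entry and store it under a server-chosen name.
 *
 * @param array  $file      One entry of $_FILES (name, tmp_name, error, size)
 * @param string $uploadDir Directory outside the web root (assumed path)
 * @param int    $maxBytes  Size cap enforced independently of php.ini
 * @return string           Path of the stored file
 * @throws RuntimeException on any failed check
 */
function storeUploadSafely(array $file, string $uploadDir, int $maxBytes = 5 * 1024 * 1024): string
{
    // 1. PHP's own upload status: reject partial or failed uploads.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error code ' . (int)($file['error'] ?? -1));
    }
    // 2. Size cap.
    $size = (int)($file['size'] ?? 0);
    if ($size <= 0 || $size > $maxBytes) {
        throw new RuntimeException('file size out of bounds');
    }
    // 3. Extension: lowercase the last component and require it to be on the allow-list.
    //    "shell.jpg.php" fails here because its last extension is php.
    $ext = strtolower(pathinfo((string)($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException("extension '$ext' not allowed");
    }
    // 4. MIME type sniffed from the bytes on disk, never taken from the client's
    //    Content-Type header, which the uploader controls.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file((string)$file['tmp_name']);
    if ($mime === false || !in_array($mime, ALLOWED_TYPES[$ext], true)) {
        throw new RuntimeException("content type '$mime' does not match extension '$ext'");
    }
    // 5. Images must actually decode, not merely carry an image MIME type.
    if (in_array($ext, ['jpg', 'jpeg', 'png'], true) && @getimagesize((string)$file['tmp_name']) === false) {
        throw new RuntimeException('image does not decode');
    }
    // 6. Never reuse the client-supplied name: a random name removes traversal,
    //    null-byte and double-extension tricks from the filesystem path entirely.
    $target = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // 7. move_uploaded_file() refuses anything that was not a real HTTP upload.
    if (!move_uploaded_file((string)$file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    chmod($target, 0640); // stored file is never executable
    return $target;
}

// Example wiring in a controller action (field name "file" is assumed):
// try {
//     $path = storeUploadSafely($_FILES['file'], '/var/openbi-uploads');
//     echo json_encode(['ok' => true]);
// } catch (RuntimeException $e) {
//     http_response_code(400);
//     echo json_encode(['ok' => false, 'error' => $e->getMessage()]);
// }
```

Keep the upload directory outside the document root (or disable script execution for it in the web server) so that even a file that slips past the checks is served as data rather than run; the random filename and the allow-list are the two checks that most directly close the unrestricted-upload class this CVE belongs to.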

🧯 If You Can't Patch

  • Implement a Web Application Firewall (WAF) with rules to block malicious file uploads.
  • Restrict network access to the openBI instance to trusted IPs only.

🔍 How to Verify

Check if Vulnerable:

Check openBI version; if ≤1.0.8, test by attempting to upload a file with a malicious extension (e.g., .php) to the upload endpoint.

Check Version:

# Check openBI version in configuration files or via admin interface

Verify Fix Applied:

After applying workarounds, test that file uploads are blocked or properly validated; verify version is >1.0.8 if patched.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /application/index/controller/File.php
  • Uploads of executable files (e.g., .php, .jsp)

Network Indicators:

  • HTTP POST requests to file upload endpoints with suspicious payloads

SIEM Query:

source="web_logs" AND uri="/application/index/controller/File.php" AND method="POST" AND (file_extension="php" OR file_extension="jsp")
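The same rule as the SIEM query, as an added PHP example that runs over constructed upload-log lines; it is not part of the original advisory. The one-JSON-object-per-line format with the fields ts, src_ip, method, uri and file_name is invented for the example and must be mapped onto whatever your own upload or access logs contain. It goes slightly beyond the query: extensions are compared case-insensitively, the query string is stripped from the URI, and every extension component is inspected so that a name such as img.PHP.jpg is also flagged.

```php
<?php
// Added example: the SIEM detection rule applied to sample log lines (not openBI code).
// Log format and sample records are constructed for this illustration.
declare(strict_types=1);

const UPLOAD_URI       = '/application/index/controller/File.php';
const RISKY_EXTENSIONS = ['php', 'php5', 'phtml', 'phar', 'jsp', 'jspx'];

/** All extension components of a filename, lowercased: "a.PHP.jpg" -> ["php", "jpg"]. */
function extensionChain(string $name): array
{
    $name  = basename(urldecode(strtolower($name)));
    $parts = explode('.', $name);
    array_shift($parts);                       // drop the base name
    return array_values(array_filter($parts, fn(string $p): bool => $p !== ''));
}

/**
 * Apply the rule to an array of JSON log lines.
 * Returns the matching records with the 1-based line number and a reason.
 */
function flagSuspiciousUploads(array $lines): array
{
    $hits = [];
    foreach ($lines as $n => $line) {
        $rec = json_decode($line, true);
        if (!is_array($rec)) {
            continue;                          // malformed line: skip, keep scanning
        }
        // uri="/application/index/controller/File.php" AND method="POST"
        $uri = strtok((string)($rec['uri'] ?? ''), '?');   // ignore any query string
        if ($uri !== UPLOAD_URI || strcasecmp((string)($rec['method'] ?? ''), 'POST') !== 0) {
            continue;
        }
        // file_extension="php" OR file_extension="jsp", widened to any risky component
        $risky = array_intersect(extensionChain((string)($rec['file_name'] ?? '')), RISKY_EXTENSIONS);
        if ($risky !== []) {
            $hits[] = [
                'line'   => $n + 1,
                'record' => $rec,
                'reason' => 'upload of ' . implode(',', $risky) . ' file',
            ];
        }
    }
    return $hits;
}

// Constructed sample log lines (not real traffic; RFC 5737 documentation addresses).
$sampleLog = [
    '{"ts":"2024-01-30T10:01:02Z","src_ip":"198.51.100.7","method":"POST","uri":"/application/index/controller/File.php","file_name":"report.png"}',
    '{"ts":"2024-01-30T10:01:09Z","src_ip":"198.51.100.7","method":"POST","uri":"/application/index/controller/File.php","file_name":"cmd.php"}',
    '{"ts":"2024-01-30T10:02:00Z","src_ip":"203.0.113.5","method":"POST","uri":"/application/index/controller/File.php?x=1","file_name":"img.PHP.jpg"}',
    '{"ts":"2024-01-30T10:02:30Z","src_ip":"203.0.113.5","method":"GET","uri":"/application/index/controller/File.php","file_name":"a.jsp"}',
    'not json at all',
];

foreach (flagSuspiciousUploads($sampleLog) as $hit) {
    printf("line %d: %s from %s (%s)\n",
        $hit['line'], $hit['reason'], $hit['record']['src_ip'], $hit['record']['file_name']);
}
```

On the sample above the second and third lines are reported; the fourth is a GET and the fifth is unparseable, so neither matches. Treat a hit as a trigger to pull the stored file and the source address into an incident ticket rather than as proof of compromise on its own, since a benign user can also misname a file.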

🔗 References
