Login Sign Up

CVE-2024-36076

8.8 HIGH
CSRF

📋 TL;DR

This Cross-Site WebSocket Hijacking vulnerability in SysReptor allows attackers to hijack WebSocket connections when a logged-in user visits a malicious same-site subdomain. Attackers can escalate privileges and access sensitive information. Users of SysReptor versions 2024.28 through 2024.30 are affected.

💻 Affected Systems

Products:
  • SysReptor
Versions: 2024.28 to 2024.30
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments with same-site subdomain configurations. Requires user to be logged into SysReptor.

📦 What is this software?

Sysreptor by Syslifters

View all CVEs affecting Sysreptor →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full privilege escalation leading to complete system compromise, data exfiltration, and lateral movement within the environment.

🟠

Likely Case

Unauthorized access to sensitive information and limited privilege escalation within the SysReptor application.

🟢

If Mitigated

Minimal impact with proper network segmentation and access controls limiting attacker movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (visiting malicious site) but is straightforward once the malicious site is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.40

Vendor Advisory: https://github.com/Syslifters/sysreptor/security/advisories/GHSA-2vfc-3h43-vghh

Restart Required: Yes

Instructions:

1. Backup current SysReptor installation. 2. Download version 2024.40 from official releases. 3. Replace existing installation with patched version. 4. Restart SysReptor service.

🔧 Temporary Workarounds

SameSite Cookie Enforcement

all

Configure cookies with SameSite=Strict attribute to prevent cross-site requests

Configure web server to set SameSite=Strict for all cookies

Origin Validation

all

Implement WebSocket origin validation to reject connections from unauthorized domains

Implement server-side WebSocket origin checking in application code

🧯 If You Can't Patch

  • Isolate SysReptor to separate domain without subdomains
  • Implement strict Content Security Policy (CSP) with frame-ancestors and connect-src directives

🔍 How to Verify

Check if Vulnerable:

Check SysReptor version. If between 2024.28 and 2024.30 inclusive, system is vulnerable.

Check Version:

Check SysReptor web interface or configuration files for version information

Verify Fix Applied:

Verify SysReptor version is 2024.40 or later. Test WebSocket connections with origin validation.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected WebSocket connection origins
  • Failed authentication attempts via WebSocket
  • Unusual privilege escalation events

Network Indicators:

  • WebSocket connections from unexpected subdomains
  • Cross-origin WebSocket requests

SIEM Query:

websocket AND (origin NOT IN allowed_domains) OR (authentication_failure AND websocket)

📊 Metadata

CVE ID: CVE-2024-36076
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-352
Published: May 19, 2024
Last Updated: December 11, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-36076, you might also want to check these:

CVE-2025-23922 10.0

A Cross-Site Request Forgery (CSRF) vulnerability in the Harsh iSpring Embedder WordPress plugin all...

Same vulnerability type (CWE-352)
CVE-2020-23426 9.8

CVE-2020-23426 is a privilege escalation vulnerability in zzcms 201910 that allows attackers to gain...

Same vulnerability type (CWE-352)
CVE-2024-33449 9.8

This SSRF vulnerability in PDFMyURL allows attackers to make the service send requests to internal s...

Same vulnerability type (CWE-352)