CVE-2024-45408
📋 TL;DR
CVE-2024-45408 is an incorrect permission check in eLabFTW that lets any authenticated user read information they are not authorized to see. If anonymous access is enabled (it is disabled by default), unauthenticated visitors can reach the same data. All eLabFTW versions below 5.1.0 are affected; 5.1.0 contains the fix.
💻 Affected Systems
- eLabFTW, all versions before 5.1.0
📦 What is this software?
eLabFTW is an open-source electronic lab notebook (ELN) used by research groups to record experiments, protocols and inventory. It is maintained by the eLabFTW project on GitHub (elabftw/elabftw).
⚠️ Risk & Real-World Impact
Worst Case
Unauthenticated attackers reading sensitive research data, intellectual property or confidential lab records on an instance that has anonymous access enabled.
Likely Case
An authenticated user reading entries and other information beyond what their account has been granted, exposing data across teams or groups inside the organization.
If Mitigated
Limited impact: with anonymous access disabled the unauthenticated path is closed, but every holder of a valid account can still read data beyond their permissions until the instance is upgraded.
🎯 Exploit Status
Unauthenticated exploitation requires anonymous access to be enabled; exploitation from any authenticated account works regardless of that setting. No special tooling is implied: the flaw is a missing authorization check on data the application already serves.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.1.0
Vendor Advisory: https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5
Restart Required: Yes
Instructions:
1. Back up the eLabFTW database and the uploaded files.
2. Obtain eLabFTW 5.1.0 or later.
3. Replace the existing installation with the new version.
4. Run the database schema update if the release requires one.
5. Restart the web server.
🔧 Temporary Workarounds
Disable Anonymous Access
Disable anonymous user access in the System configuration panel. This closes the unauthenticated path only; any authenticated account can still exploit the flaw until the instance is upgraded.
Navigate to the System configuration panel and turn off anonymous access.
🧯 If You Can't Patch
- Disable anonymous access immediately in System configuration panel.
- Implement network segmentation to restrict access to eLabFTW from untrusted networks.
- Monitor authentication and access logs for unusual patterns, such as new or dormant accounts suddenly reading many entries.
🔍 How to Verify
Check if Vulnerable:
Check the eLabFTW version in the sysadmin panel or in the version file; anything below 5.1.0 is vulnerable.
Check Version:
Check version in eLabFTW admin panel or view /app/version.txt file
Verify Fix Applied:
Verify that the version shown in the sysadmin panel is 5.1.0 or higher, then confirm the permission check from a low-privilege test account: attempt to read an entry that is not shared with that account and expect a permission-denied response.
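The upgrade steps under Instructions and the version check above, combined into one script as an added example; this is not code from the eLabFTW project or its advisory. It assumes the official docker compose deployment (containers named `elabftw` and `mysql`, uploads mounted at `/elabftw/uploads` inside the elabftw container, `MYSQL_ROOT_PASSWORD` set in the mysql container, a database named `elabftw`) and that the instance's REST API v2 answers an API-key request to `GET /api/v2/info` with JSON carrying the running version in `elabftw_version`; adjust those names to your deployment. The version comparison is field-wise numeric so that 5.10.x is not misreported as vulnerable, and pre-release tags are stripped before comparing.

```shell
#!/bin/sh
# Added example; not eLabFTW project code. Assumes the official docker compose
# deployment (containers "elabftw" and "mysql", uploads at /elabftw/uploads in
# the elabftw container, MYSQL_ROOT_PASSWORD set in the mysql container, database
# named "elabftw") and an API key accepted by GET /api/v2/info, whose JSON
# reply carries the running version in "elabftw_version".
set -eu

FIXED_VERSION="5.1.0"   # first release containing the fix for CVE-2024-45408

# "v5.0.7-beta2" -> "5.0.7": drop a leading v and any pre-release/build tag.
# Note this reports a 5.1.0 pre-release as fixed; verify those by hand.
normalize_version() {
    printf '%s\n' "$1" | sed -e 's/^[vV]//' -e 's/[-+].*$//'
}

# version_field 5.1 3 -> 0 : n-th dotted field, missing fields read as 0
version_field() {
    printf '%s.0.0\n' "$1" | cut -d. -f"$2"
}

# Exit 0: below 5.1.0 (affected); 1: 5.1.0 or newer (fixed); 2: not a version.
# Fields are compared as integers, so 5.10.0 correctly sorts after 5.1.0
# (a plain string comparison would call 5.10.0 vulnerable).
elab_is_vulnerable() {
    v=$(normalize_version "$1")
    case "$v" in
        ""|*[!0-9.]*) return 2 ;;
    esac
    i=1
    while [ "$i" -le 3 ]; do
        a=$(version_field "$v" "$i"); b=$(version_field "$FIXED_VERSION" "$i")
        if [ "${a:-0}" -lt "${b:-0}" ]; then return 0; fi
        if [ "${a:-0}" -gt "${b:-0}" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# Read the running version from the instance's REST API (needs a user API key).
elab_running_version() {
    curl -sS -H "Authorization: $2" "$1/api/v2/info" \
        | sed -n 's/.*"elabftw_version":"\([^"]*\)".*/\1/p'
}

# Steps 1-5 of the vendor instructions for a docker compose deployment.
elab_upgrade() {
    stamp=$(date +%Y%m%d-%H%M%S)
    # 1. Back up the database and the uploaded files before touching anything.
    docker exec mysql sh -c 'exec mysqldump -u root -p"$MYSQL_ROOT_PASSWORD" elabftw' \
        > "elabftw-db-$stamp.sql"
    docker cp elabftw:/elabftw/uploads "elabftw-uploads-$stamp"
    # 2-3. Pull the image carrying the fix and recreate the containers.
    docker compose pull
    docker compose up -d
    # 4. Apply any pending schema changes.
    docker exec elabftw bin/console db:update
    # 5. "up -d" already recreated the web container, which is the restart.
}

# usage: elab-cve-2024-45408.sh https://elab.example.org APIKEY [--upgrade]
main() {
    base_url=$1; api_key=$2; mode=${3:-}
    v=$(elab_running_version "$base_url" "$api_key")
    rc=0; elab_is_vulnerable "$v" || rc=$?
    case $rc in
        2) echo "no usable version in $base_url/api/v2/info (got '$v')"; exit 2 ;;
        1) echo "$base_url runs eLabFTW $v: not affected"; exit 0 ;;
    esac
    echo "$base_url runs eLabFTW $v: affected by CVE-2024-45408"
    [ "$mode" = "--upgrade" ] || exit 1
    elab_upgrade
    v=$(elab_running_version "$base_url" "$api_key")
    if elab_is_vulnerable "$v"; then echo "still on $v: upgrade did not take"; exit 1; fi
    echo "now on $v: fixed"
}

# Only act when given arguments; sourcing the file just defines the functions.
if [ $# -ge 2 ]; then main "$@"; fi
```

Run it with the instance URL and an API key to report status (exit 0 when the instance is on 5.1.0 or newer, 1 when it is affected, 2 when no version could be read); add `--upgrade` to perform the backup, pull, recreate and schema update, after which the script queries the API again and refuses to report success unless the new version is at or above 5.1.0.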
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to restricted endpoints
- Anonymous user accessing privileged resources
- Access logs showing a single account reading entries or resources outside its own team or sharing scope, especially in bulk
Network Indicators:
- Unusual HTTP requests to restricted API endpoints or data access URLs
SIEM Query:
source="elabftw" AND (event="unauthorized_access" OR (user="anonymous" AND resource_type="restricted"))
The parentheses matter: without them, AND binds tighter than OR in most query languages and the anonymous-user clause would silently narrow the whole query. The field names are placeholders; map them to the fields your pipeline actually extracts from eLabFTW's application and web server logs.