CVE-2024-50967
📋 TL;DR
CVE-2024-50967 is a missing-authentication flaw in the REST API of Becon DATAGerry: the /rest/rights/ endpoint answers unauthenticated requests, so a remote attacker can list the rights and permissions defined in the system without any credentials. The data returned describes the authorization model (roles, rights and who holds them), which is exactly what an attacker wants before going after privileged accounts. The issue is reported in DATAGerry 2.2.0; no fixed release is listed, so every deployment up to and including 2.2.0 should be treated as affected.
💻 Affected Systems
- Becon DATAGerry
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker enumerates every right defined in the instance and which roles or accounts hold it, then uses that map to aim credential attacks or other flaws at the few accounts that matter (administrators, users with export or configuration rights), turning an information leak into a targeted privilege-escalation campaign.
Likely Case
Unauthenticated disclosure of user roles, rights and access-control assignments, used as reconnaissance: the attacker learns which accounts are administrative and which permissions are weakly assigned before attempting anything else.
If Mitigated
Only authenticated users can read the rights listing, so an external attacker with no account learns nothing about the authorization structure.
🎯 Exploit Status
No exploit code is required: a single unauthenticated HTTP GET to /rest/rights/ returns the data, so enumeration is trivially scripted with curl or wget and is likely to appear in commodity scanners.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None found
Restart Required: No
Instructions:
No official patch available. Monitor vendor channels for updates and apply immediately when released.
🔧 Temporary Workarounds
Network Access Control
Restrict access to the DATAGerry API port to trusted networks using host firewall rules or network segmentation. Rules are evaluated in order, so the ACCEPT for the trusted range must come before the DROP, and no earlier rule in the chain may already accept the port:
iptables -A INPUT -p tcp --dport [DATAGerry_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [DATAGerry_PORT] -j DROP
Reverse Proxy Authentication
Place DATAGerry behind a reverse proxy that enforces its own authentication (HTTP basic auth, SSO, or client certificates) on /rest/ before forwarding; the proxy, not DATAGerry, then rejects anonymous requests to /rest/rights/.
# Configure nginx/apache to require authentication on /rest/ before proxying to DATAGerry
🧯 If You Can't Patch
- Implement strict network segmentation to isolate DATAGerry from untrusted networks
- Deploy a web application firewall (WAF) with rules to block unauthenticated access to /rest/rights/ endpoint
🔍 How to Verify
Check if Vulnerable:
curl -s -i http://[DATAGerry_HOST]:[PORT]/rest/rights/ - if this returns HTTP 200 with a JSON rights listing although no Authorization header or session cookie was sent, the system is vulnerable
Check Version:
Check DATAGerry web interface or configuration files for version information
Verify Fix Applied:
After applying a workaround, repeat the curl command without credentials: it should now return 401 or 403 (or a redirect to the proxy's login page), not the JSON rights listing
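The check above, written out as a small script (an added example, not code from the DATAGerry project or from this advisory's authors). It sends a GET to /rest/rights/ with no Authorization header or cookie and classifies the answer; the base URL is a command-line argument and the sample JSON in the comments is constructed, not real DATAGerry output:

```python
"""Probe DATAGerry's /rest/rights/ without credentials and classify the result."""
import json
import sys
import urllib.error
import urllib.request

RIGHTS_PATH = "/rest/rights/"


def classify(status, body):
    """Map an HTTP status and raw body to 'vulnerable', 'protected' or 'inconclusive'.

    Only a 200 carrying a non-empty JSON document counts as vulnerable: a 200 with an
    HTML login page (a proxy redirect) or an empty list proves nothing either way.
    """
    if status in (401, 403):
        return "protected"
    if status != 200:
        return "inconclusive"
    try:
        data = json.loads(body)
    except ValueError:
        return "inconclusive"          # not JSON, e.g. a login page after redirect
    return "vulnerable" if data else "inconclusive"


def probe(base_url, timeout=5):
    """Send one unauthenticated GET and return (status, body bytes)."""
    req = urllib.request.Request(base_url.rstrip("/") + RIGHTS_PATH, method="GET")
    # Deliberately no Authorization header and no cookie jar.
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read()    # 401/403 arrive here, not as a return value


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe_rights.py http://[DATAGerry_HOST]:[PORT]")
    code, payload = probe(sys.argv[1])
    print(code, classify(code, payload))
```

Run it once before and once after the mitigation; the verdict should move from "vulnerable" to "protected". A persistent "inconclusive" usually means the proxy is redirecting to a login page, which is fine as long as the raw rights JSON is no longer returned.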
📡 Detection & Monitoring
Log Indicators:
- Requests to /rest/rights/ from clients that never authenticated (no session cookie, no Authorization header) and still received HTTP 200
- Requests to /rest/rights/ from scanner-style user agents (curl, wget, python-requests) or from sources that otherwise never touch the application
Network Indicators:
- Unauthenticated HTTP GET requests to /rest/rights/ arriving from external or otherwise untrusted IP ranges
- Bursts of requests to authorization endpoints (/rest/rights/, user and group listings) from a single source in a short window
SIEM Query:
source="DATAGerry" AND (url_path="/rest/rights/" OR endpoint="rights") AND user="anonymous" AND NOT auth_success="true"
Field names (source, url_path, endpoint, user, auth_success) are illustrative and must be mapped to the fields your proxy or application logs actually emit; the condition is the same as NOT (user!="anonymous" OR auth_success="true"), written without the double negation.
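The same detection logic run over sample log lines, as an added example that is not part of the original advisory or of DATAGerry. It assumes a reverse-proxy access log in nginx combined format with one extra trailing field, auth=, set to "-" when the request carried neither an Authorization header nor a session cookie (an assumption; real deployments must map their own fields). The log lines are constructed for the example:

```python
"""Flag unauthenticated reads of /rest/rights/ in proxy access logs and spot bursts."""
import re
from collections import Counter

# Assumed format (not DATAGerry's own): nginx combined log plus a trailing
# "auth=<value>" field; "auth=-" means no Authorization header and no session cookie.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "[^"]*" auth=(?P<auth>\S+)$'
)
RIGHTS_BASE = "/rest/rights"


def parse_line(line):
    """Return a dict of fields, or None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_unauth_rights_read(rec):
    """True when the rights endpoint (or a sub-path) returned 200 to an anonymous GET."""
    path = rec["path"].split("?", 1)[0].rstrip("/")
    on_rights = path == RIGHTS_BASE or path.startswith(RIGHTS_BASE + "/")
    return rec["method"] == "GET" and on_rights and rec["status"] == 200 and rec["auth"] == "-"


def scan(lines, burst_threshold=3):
    """Return (hits, noisy): matching records, and sources at or above the burst threshold."""
    hits, per_src = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and is_unauth_rights_read(rec):
            hits.append(rec)
            per_src[rec["src"]] += 1
    noisy = {src: n for src, n in per_src.items() if n >= burst_threshold}
    return hits, noisy


# Constructed sample: three anonymous reads from one external host (a burst), one
# authenticated read, one read blocked after mitigation, one unrelated endpoint, one junk line.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2024:10:00:01 +0000] "GET /rest/rights/ HTTP/1.1" 200 4821 "-" "curl/8.4.0" auth=-',
    '203.0.113.7 - - [12/Nov/2024:10:00:02 +0000] "GET /rest/rights/?limit=100 HTTP/1.1" 200 4821 "-" "curl/8.4.0" auth=-',
    '203.0.113.7 - - [12/Nov/2024:10:00:03 +0000] "GET /rest/rights/ HTTP/1.1" 200 4821 "-" "curl/8.4.0" auth=-',
    '10.0.0.5 - - [12/Nov/2024:10:01:00 +0000] "GET /rest/rights/ HTTP/1.1" 200 4821 "-" "Mozilla/5.0" auth=Bearer',
    '198.51.100.9 - - [12/Nov/2024:10:02:00 +0000] "GET /rest/rights/ HTTP/1.1" 401 0 "-" "Wget/1.21" auth=-',
    '198.51.100.9 - - [12/Nov/2024:10:02:01 +0000] "GET /rest/objects/ HTTP/1.1" 200 120 "-" "Wget/1.21" auth=-',
    'this line is not an access log entry',
]

if __name__ == "__main__":
    found, bursts = scan(SAMPLE_LOG)
    for rec in found:
        print("unauth rights read:", rec["src"], rec["ts"], rec["path"])
    print("bursting sources:", bursts)
```

The burst threshold is a tuning knob, not a rule: a single anonymous 200 from /rest/rights/ is already a confirmed exposure on an unpatched host, while repeated reads from one source mark active enumeration worth an alert of its own.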