CVE-2024-57971
📋 TL;DR
This vulnerability in Knowage Server allows attackers to perform JNDI injection attacks by manipulating JNDI names in the SpagoBI API. It affects all KNOWAGE installations before version 8.1.30. Attackers could potentially execute arbitrary code or access unauthorized data sources.
💻 Affected Systems
- Knowage Server
- SpagoBI API
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.
Likely Case
Unauthorized access to database resources, data leakage, and potential privilege escalation within the Knowage application.
If Mitigated
Limited impact with proper network segmentation and JNDI restrictions, potentially only allowing connection to controlled data sources.
🎯 Exploit Status
Exploitation requires understanding of JNDI injection techniques and the ability to send crafted requests to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.1.30
Vendor Advisory: https://github.com/KnowageLabs/Knowage-Server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c
Restart Required: Yes
Instructions:
1. Download Knowage Server version 8.1.30 or later from official sources.
2. Back up the current installation and configuration.
3. Deploy the new version following the Knowage upgrade procedures.
4. Restart the Knowage Server service.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to Knowage Server to only trusted sources and block external JNDI lookups.
JNDI Restriction
Configure JNDI settings to only allow connections to trusted data sources and disable remote JNDI lookups.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the Knowage Server endpoints
- Monitor for unusual JNDI lookup patterns and database connection attempts from Knowage
🔍 How to Verify
Check if Vulnerable:
Check the Knowage Server version. If it's below 8.1.30, the system is vulnerable. Review the DataSourceResource.java file for the JNDI name validation logic.
Check Version:
Check the Knowage installation directory for version files, or check the About section of the web interface.
Verify Fix Applied:
Verify the Knowage Server version is 8.1.30 or higher. Check that the DataSourceResource.java file includes proper JNDI name validation starting with 'java:comp/env/jdbc/'.
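The two checks above (version below 8.1.30, and JNDI names restricted to the 'java:comp/env/jdbc/' prefix) as an added Python example. This is not Knowage project code and not the vendor's fix; it models the allowlist the advisory describes. Assumptions: the fixed release is 8.1.30 and the accepted prefix is exactly 'java:comp/env/jdbc/' (both taken from the text above); the function names are hypothetical, and the extra segment check on the remainder of the name is an added hardening beyond the prefix test.

```python
import re

# Assumptions taken from the advisory text: the fixed release is 8.1.30 and the
# patched DataSourceResource only accepts JNDI names starting with this prefix.
FIXED_VERSION = (8, 1, 30)
ALLOWED_JNDI_PREFIX = "java:comp/env/jdbc/"

# One resource-name path segment: letters, digits, dot, underscore, hyphen.
_SEGMENT = re.compile(r"[A-Za-z0-9_.-]+")


def parse_version(text):
    """Extract the first x.y.z version from a string such as '8.1.29' or
    'Knowage Server 8.1.30-SNAPSHOT' and return it as a tuple of ints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_vulnerable_version(text):
    """True when the reported version is below the fixed release."""
    return parse_version(text) < FIXED_VERSION


def is_allowed_jndi_name(name):
    """Allowlist check modelled on the fix: accept only container-local JDBC
    resources under java:comp/env/jdbc/ (case-sensitive prefix).

    Added hardening beyond the prefix test: the remainder must be one or more
    plain path segments with no empty, '.' or '..' components, so a nested
    scheme (a second 'x://') or a traversal-looking name is rejected too."""
    if not isinstance(name, str) or not name.startswith(ALLOWED_JNDI_PREFIX):
        return False
    rest = name[len(ALLOWED_JNDI_PREFIX):]
    if not rest:
        return False
    return all(seg not in ("", ".", "..") and _SEGMENT.fullmatch(seg)
               for seg in rest.split("/"))


def validate_datasource_request(jndi_name):
    """What a patched endpoint should do before any lookup: fail closed on a
    name outside the allowlist, otherwise hand the name back unchanged."""
    if not is_allowed_jndi_name(jndi_name):
        raise ValueError(f"JNDI name rejected by allowlist: {jndi_name!r}")
    return jndi_name


if __name__ == "__main__":
    for v in ("8.1.29", "8.1.30", "Knowage Server 8.2.0"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed")
    for n in ("java:comp/env/jdbc/knowage", "jdbc/knowage", "ldap://203.0.113.5:1389/a"):
        print(n, "allowed" if is_allowed_jndi_name(n) else "rejected")
```

Note that a plain prefix check already rejects any `ldap://` or `rmi://` name, because those cannot start with `java:comp/env/jdbc/`; the segment check only closes the remaining corner cases of odd characters after the prefix.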
📡 Detection & Monitoring
Log Indicators:
- Unusual JNDI lookup patterns
- Failed database connection attempts with malformed JNDI names
- Requests to DataSourceResource endpoints with crafted parameters
Network Indicators:
- Outbound LDAP/RMI connections from Knowage Server to unexpected destinations
- Unusual database connection patterns
SIEM Query:
source="knowage" AND (jndi OR datasource) AND (error OR exception OR failed)
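The log and network indicators above, and the SIEM query, as an added Python triage example run over constructed sample data. This is not Knowage or vendor code. The log line format, the `jndiName` request parameter, the `/knowage/restful-services/datasources` path, the host names and the flow records are all constructed for this example and will differ from a real deployment; the `matches_siem_query` function is a direct translation of the query text above.

```python
import re

ALLOWED_JNDI_PREFIX = "java:comp/env/jdbc/"          # from the advisory text
REMOTE_SCHEMES = ("ldap", "ldaps", "rmi", "iiop", "dns", "corbaname")
ERROR_WORDS = ("error", "exception", "failed")
# Naming-service ports an outbound JNDI lookup would typically use.
NAMING_PORTS = {389: "ldap", 636: "ldaps", 1099: "rmi", 1389: "ldap-alt"}

# Constructed app-log lines (format, path and parameter name are hypothetical).
SAMPLE_LOGS = [
    "knowage app INFO POST /knowage/restful-services/datasources jndiName=java:comp/env/jdbc/knowage status=200",
    "knowage app ERROR POST /knowage/restful-services/datasources jndiName=ldap://203.0.113.5:1389/x NamingException: lookup failed",
    "knowage app WARN POST /knowage/restful-services/datasources jndiName=jdbc/reporting status=400 invalid datasource",
    "knowage app INFO GET /knowage/servlet/AdapterHTTP status=200",
]

# Constructed outbound-connection records: (source host, destination, port).
SAMPLE_FLOWS = [
    ("knowage-srv", "db-prod", 5432),
    ("knowage-srv", "203.0.113.5", 1389),
    ("knowage-srv", "ad-dc01", 389),
]
TRUSTED_NAMING_HOSTS = {"ad-dc01"}   # constructed: directory server Knowage legitimately uses

JNDI_PARAM = re.compile(r"jndiName=(\S+)")   # hypothetical parameter name


def matches_siem_query(line):
    """Translation of: source="knowage" AND (jndi OR datasource)
    AND (error OR exception OR failed)."""
    low = line.lower()
    return (low.startswith("knowage")
            and ("jndi" in low or "datasource" in low)
            and any(w in low for w in ERROR_WORDS))


def extract_jndi_name(line):
    m = JNDI_PARAM.search(line)
    return m.group(1) if m else None


def classify_jndi_name(name):
    """'allowed' for container-local JDBC names, 'remote:<scheme>' for names
    that would send the lookup to an external naming provider, else 'unexpected'."""
    if name.startswith(ALLOWED_JNDI_PREFIX):
        return "allowed"
    scheme = name.split(":", 1)[0].lower()
    if ":" in name and scheme in REMOTE_SCHEMES:
        return f"remote:{scheme}"
    return "unexpected"


def triage_logs(lines):
    """Return (severity, reason, line) findings. A name pointing at a remote
    provider is rated higher than a mere keyword match, since the keyword
    query also fires on ordinary misconfigured data sources."""
    findings = []
    for line in lines:
        name = extract_jndi_name(line)
        if name is not None:
            kind = classify_jndi_name(name)
            if kind.startswith("remote:"):
                findings.append(("high", f"JNDI name targets external {kind[7:]} provider: {name}", line))
            elif kind == "unexpected":
                findings.append(("medium", f"JNDI name outside allowlist: {name}", line))
        if matches_siem_query(line):
            findings.append(("low", "SIEM keyword match (jndi/datasource + error)", line))
    return findings


def flag_outbound(flows, knowage_hosts=("knowage-srv",), trusted=TRUSTED_NAMING_HOSTS):
    """Network indicator: Knowage host connecting to an LDAP/RMI port on a
    destination that is not a known-good naming server."""
    return [(src, dst, port, NAMING_PORTS[port])
            for src, dst, port in flows
            if src in knowage_hosts and port in NAMING_PORTS and dst not in trusted]


if __name__ == "__main__":
    for sev, reason, line in triage_logs(SAMPLE_LOGS):
        print(f"[{sev}] {reason}")
    for hit in flag_outbound(SAMPLE_FLOWS):
        print("[high] outbound naming-service connection:", hit)
```

The keyword query alone is noisy (any broken data source with "failed" in the message matches), so the extracted JNDI name is what separates a misconfiguration from an attempted redirect to an external provider; pairing it with the outbound-connection check gives a second, independent signal from the network side.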