7.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-29246

GHSA ID

GHSA-mg5h-f3q8-c96g

EPSS Score

0.20425%

CWE

CWE-20

Published

5/12/2023

Updated

11/4/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-29246

CVE-2023-29246: Apache OpenMeetings vulnerable to remote code execution via null-bye injection

An attacker who has gained access to an admin account can perform RCE via null-byte injection

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

(GitHub Advisory)

7.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-29246

GHSA ID

GHSA-mg5h-f3q8-c96g

EPSS Score

0.20425%

CWE

CWE-20

Published

5/12/2023

Updated

11/4/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.openmeetings:openmeetings-parent	maven	>= 2.0.0, < 7.1.0	7.1.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper input validation in configuration path handling. The patches introduced a new Configuration.Type.PATH and validation logic (Path.of()) to sanitize these inputs. The pre-patch code in ConfigForm.java's onSaveSubmit method did not validate paths, and ImportInitvalues.java incorrectly assigned the STRING type to path configurations. These functions directly processed attacker-controlled path values without proper sanitization, allowing null-byte injection to bypass validation and execute arbitrary commands.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n *tt**k*r w*o **s **in** ****ss to *n **min ***ount **n p*r*orm R** vi* null-*yt* inj**tion V*n*or: T** *p**** So*tw*r* *oun**tion V*rsions *****t**: *p**** Op*nM**tin*s *rom *.*.* ***or* *.*.*

Reasoning

T** vuln*r**ility st*ms *rom improp*r input v*li**tion in *on*i*ur*tion p*t* **n*lin*. T** p*t***s intro*u*** * n*w `*on*i*ur*tion.Typ*.P*T*` *n* `v*li**tion` lo*i* (`P*t*.o*()`) to s*nitiz* t**s* inputs. T** pr*-p*t** *o** in `*on*i**orm.j*v*`'s `on

7.2

Basic Information

Concerned about an active attack path?

CVE-2023-29246: Apache OpenMeetings vulnerable to remote code execution via null-bye injection

7.2

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI