Platform
java
Component
org.openrefine:main
Fixed in
3.8.4
3.8.3
CVE-2024-47879 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting OpenRefine versions up to 3.8.2. This flaw allows an attacker to execute arbitrary Clojure or Python code within the OpenRefine application by tricking a user into visiting a malicious website. The vulnerability stems from a lack of CSRF protection on the preview-expression command and is mitigated by upgrading to version 3.8.3.
The impact of this vulnerability is significant due to the ability to execute arbitrary code. An attacker could craft a malicious website that, when visited by an authenticated OpenRefine user, would silently execute attacker-controlled code. This code could potentially be used to modify data within the OpenRefine project, exfiltrate sensitive information, or even gain further access to the underlying system, depending on the permissions of the OpenRefine user and the server environment. The requirement for a valid project ID limits the scope somewhat, but the potential for data manipulation and code execution remains a serious concern.
This vulnerability was publicly disclosed on 2024-10-24. There are currently no known public exploits or active campaigns targeting this specific vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The ease of exploitation, combined with the potential impact, suggests that this vulnerability should be prioritized for remediation.
Organizations and individuals using OpenRefine for data cleaning and transformation are at risk, particularly those who share OpenRefine projects or data with external collaborators. Shared hosting environments where multiple users share the same OpenRefine instance are also at increased risk, as an attacker could potentially compromise the data of other users.
• java / server: Monitor OpenRefine logs for unusual activity related to the preview-expression command. Look for POST requests to the command endpoint without proper CSRF tokens.

```shell
grep "preview-expression" /var/log/openrefine/openrefine.log
```

• generic web: Use curl to test the preview-expression endpoint with a crafted CSRF request to verify the lack of protection.

```shell
curl -X POST -d 'expression=alert("CSRF")' http://localhost:8080/openrefine/projects/<project_id>/data/preview-expression
```
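The grep above only narrows the log to the relevant command; the detection rule in the bullet (POSTs to preview-expression without a CSRF token, or arriving from a foreign site) still has to be applied by hand. The script below is an added example, not part of this page or of OpenRefine, that does that filtering over log lines. The log layout, the sample lines, the trusted host `localhost:3333` and the `attacker.example` origin are all constructed for the example; `csrf_token` as the token parameter name is an assumption to check against your instance. One caveat a practitioner should keep in mind: a token sent in the POST body is invisible in an access log, so the token check here is only meaningful when the token travels in the query string; the Origin/Referer check works regardless.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (NOT real OpenRefine output): a simplified access-log layout
# with timestamp, client IP, request line, status, and the Origin/Referer headers
# quoted at the end ("-" when the header was absent). Adapt LINE_RE to the actual
# format of your server or reverse proxy.
SAMPLE_LOG = """\
2024-10-25T09:58:12Z 10.0.0.8 "POST /command/core/preview-expression?project=1234&csrf_token=abc123 HTTP/1.1" 200 origin="http://localhost:3333" referer="http://localhost:3333/project?project=1234"
2024-10-25T09:58:40Z 10.0.0.8 "GET /command/core/get-models?project=1234 HTTP/1.1" 200 origin="-" referer="http://localhost:3333/project?project=1234"
2024-10-25T10:01:03Z 10.0.0.8 "POST /command/core/preview-expression?project=1234 HTTP/1.1" 200 origin="http://attacker.example" referer="http://attacker.example/lure.html"
2024-10-25T10:02:17Z 10.0.0.9 "POST /command/core/preview-expression?project=5678 HTTP/1.1" 200 origin="-" referer="-"
2024-10-25T10:03:00Z 10.0.0.8 "POST /command/core/preview-expression?project=1234&csrf_token=abc123 HTTP/1.1" 200 origin="http://attacker.example" referer="http://attacker.example/lure.html"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) origin="(?P<origin>[^"]*)" referer="(?P<referer>[^"]*)"$'
)


def parse_line(line):
    """Return the log record as a dict, or None if the line does not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def host_of(header_value):
    """host[:port] of an Origin/Referer value; '' when the header was absent ('-')."""
    if not header_value or header_value == "-":
        return ""
    return urlsplit(header_value).netloc


def suspicious_preview_requests(log_text, trusted_hosts, token_param="csrf_token"):
    """Flag POSTs to preview-expression that lack the CSRF token parameter or that
    arrive from an Origin/Referer outside `trusted_hosts` (the hosts your own
    OpenRefine UI is served from).

    `token_param` defaults to "csrf_token"; the name is an assumption and should be
    matched against the requests your instance actually sends.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        path, _, query = rec["target"].partition("?")
        if not path.endswith("/preview-expression"):
            continue
        params = parse_qs(query)
        reasons = []
        if token_param not in params:
            reasons.append("missing csrf token")
        origin_host = host_of(rec["origin"])
        referer_host = host_of(rec["referer"])
        # Origin is authoritative when present; fall back to Referer otherwise.
        if origin_host and origin_host not in trusted_hosts:
            reasons.append(f"untrusted origin {origin_host}")
        elif not origin_host and referer_host and referer_host not in trusted_hosts:
            reasons.append(f"untrusted referer {referer_host}")
        if reasons:
            findings.append({
                "ts": rec["ts"],
                "ip": rec["ip"],
                "project": params.get("project", [""])[0],
                "status": int(rec["status"]),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in suspicious_preview_requests(SAMPLE_LOG, {"localhost:3333"}):
        print(f"{f['ts']} {f['ip']} project={f['project']} status={f['status']}: "
              + ", ".join(f["reasons"]))
```

Run against the constructed sample, the first line (token present, same-site origin) and the GET are ignored; the three remaining POSTs are flagged, including the last one, which carries a valid token but a foreign Origin, a pattern worth investigating on its own since it can indicate token leakage rather than a plain CSRF attempt.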
Exploit status
EPSS
0.14% (33rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-47879 is to upgrade OpenRefine to version 3.8.3 or later, which includes the necessary CSRF protection. If upgrading immediately is not possible, consider implementing a Content Security Policy (CSP) to restrict the execution of inline scripts and other potentially malicious content. While not a complete solution, this can reduce the attack surface. Additionally, educate users about the risks of visiting untrusted websites and opening suspicious links. After upgrading, confirm the fix by attempting to trigger the preview-expression command via a crafted HTTP request and verifying that it is properly protected against CSRF.
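The last sentence above describes the post-upgrade check; the script below, an added example that is not part of this page or of OpenRefine, turns it into something repeatable. It sends the same token-less POST as the page's curl example to an instance you operate and classifies the response. The endpoint path is the one given in the curl command on this page (adjust it to your deployment), the project id is a placeholder you replace with a project of your own, and the verdict rule is a heuristic assumption: an error status, or a body mentioning CSRF, is read as "protected"; a 2xx with no such error means the expression was evaluated without a token and the upgrade has not taken effect.

```python
import urllib.error
import urllib.parse
import urllib.request

# Endpoint path as given in this page's curl example; change to match your deployment.
# {project_id} is filled in from the argument you pass.
DEFAULT_PATH = "/openrefine/projects/{project_id}/data/preview-expression"


def build_probe(base_url, project_id, path_template=DEFAULT_PATH):
    """Return (url, body) for a preview-expression POST that deliberately carries
    no CSRF token, mirroring what a cross-site page could submit. The expression
    is a harmless constant; what matters is whether the request is refused."""
    path = path_template.format(project_id=urllib.parse.quote(str(project_id), safe=""))
    url = base_url.rstrip("/") + path
    body = urllib.parse.urlencode({"expression": 'grel:"probe"'}).encode()
    return url, body


def classify(status, body):
    """Heuristic verdict (an assumption, not an OpenRefine contract): a rejection
    status or an error body mentioning CSRF means the token check is in place;
    a 2xx without any CSRF error means the expression ran without a token."""
    if "csrf" in body.lower() or status in (400, 401, 403):
        return "protected"
    if 200 <= status < 300:
        return "unprotected"
    return "inconclusive"


def probe(base_url, project_id, timeout=5):
    """POST the token-less probe and return (verdict, http_status, body_snippet)."""
    url, body = build_probe(base_url, project_id)
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, text = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        # Error responses still carry a body; read it for the CSRF message check.
        status, text = e.code, e.read().decode("utf-8", "replace")
    return classify(status, text), status, text[:200]


if __name__ == "__main__":
    import sys
    base = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"
    pid = sys.argv[2] if len(sys.argv) > 2 else "<project_id>"
    verdict, status, snippet = probe(base, pid)
    print(f"{verdict}: HTTP {status} {snippet!r}")
```

Run it once before and once after the upgrade against the same project: the verdict should move from "unprotected" to "protected". An "inconclusive" result (for example a 404 or 500) usually means the path template does not match your deployment rather than saying anything about CSRF protection.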
Upgrade OpenRefine to version 3.8.3 or later. This version fixes the Cross-Site Request Forgery (CSRF) vulnerability in the `preview-expression` command. The upgrade prevents an attacker from executing arbitrary code through a malicious web page.
CVE-2024-47879 is a Cross-Site Request Forgery (CSRF) vulnerability in OpenRefine versions up to 3.8.2, allowing attackers to execute arbitrary code.
You are affected if you are using OpenRefine version 3.8.2 or earlier. Upgrade to 3.8.3 or later to resolve the issue.
Upgrade OpenRefine to version 3.8.3 or later. Consider implementing a Content Security Policy (CSP) as an interim measure.
There are currently no known public exploits or active campaigns targeting this vulnerability, but the potential impact warrants prompt remediation.
Refer to the OpenRefine security advisory for details: [https://openrefine.org/security/advisories/CVE-2024-47879](https://openrefine.org/security/advisories/CVE-2024-47879)