CVE-2024-55958
Description
Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CFEngine Enterprise Mission Portal <=3.24.0/3.21.5 suffers from stored XSS due to missing input validation, enabling admin-to-admin cross-site scripting attacks.
Vulnerability
CVE-2024-55958 is a stored cross-site scripting (XSS) vulnerability in Northern.tech CFEngine Enterprise Mission Portal, affecting versions 3.24.0, 3.21.5, and earlier. The root cause is missing input validation on certain text fields in the settings interface, allowing injection of arbitrary JavaScript [1].
Exploitation
An attacker must be authenticated with administrator-level privileges to inject malicious script into a settings field. The injected script executes when another administrator opens the same form in their browser. The attack requires the victim to perform a specific action (opening the form), and the vulnerability only exists within admin-only settings, limiting the attack surface [1].
Impact
The impact is limited: it enables XSS between two administrator accounts, but cannot be triggered by low-privileged users. The attacker could potentially perform actions in the context of the victim admin, such as modifying configurations or accessing sensitive data. However, no known exploitation in the wild has been reported [1].
Mitigation
Northern.tech has released fixed versions 3.24.1 and 3.21.6, which include stricter input validation across many fields. Users should upgrade as soon as possible. As a workaround, applying the principle of least privilege, restricting administrator access to trusted users only, reduces the risk [1].
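The defect class described above (a settings value stored without validation and replayed into another administrator's browser) and its two defensive layers can be shown with a small handler. The following is an added example, not CFEngine or Northern.tech code; the template, the field name "label", the allow-list pattern and the sample value are assumptions constructed for illustration, and the markup in the sample is an inert marker.

```python
import html
import re

# Constructed sample: what an administrator might type into a settings
# field. The tag is an inert marker, not a working payload.
SAMPLE_VALUE = "Prod hosts <script>/* marker */</script>"

# Hypothetical form template for a settings page (assumption, not CFEngine code).
FORM_TEMPLATE = '<input name="label" value="{value}">'

# Allow-list for a short human-readable label (assumption: the field is a
# display label, so letters, digits, space and a little punctuation suffice).
LABEL_RE = re.compile(r"[A-Za-z0-9 ._-]{1,64}")


def render_setting_unsafe(value: str) -> str:
    """Interpolate the stored value into HTML with no encoding.

    This is the defect class behind CVE-2024-55958: whatever one admin
    stored is emitted verbatim when the next admin opens the form.
    """
    return FORM_TEMPLATE.format(value=value)


def render_setting_safe(value: str) -> str:
    """Encode the value for an HTML attribute context before interpolation.

    html.escape(quote=True) turns <, >, &, " and ' into entities, so stored
    markup is displayed as text rather than parsed by the browser.
    """
    return FORM_TEMPLATE.format(value=html.escape(value, quote=True))


def validate_label(value: str) -> bool:
    """Input validation on write: accept only characters a label needs."""
    return LABEL_RE.fullmatch(value) is not None


def store_setting(value: str) -> str:
    """Server-side write path: reject values that fail the allow-list, and
    return the encoded rendering. Validation on write and encoding on read
    are independent layers; either one alone would have blocked the marker,
    and a fix that adds both is robust to a later change in the field's rules.
    """
    if not validate_label(value):
        raise ValueError("setting rejected by input validation")
    return render_setting_safe(value)


if __name__ == "__main__":
    print("unsafe :", render_setting_unsafe(SAMPLE_VALUE))
    print("encoded:", render_setting_safe(SAMPLE_VALUE))
    print("valid? :", validate_label(SAMPLE_VALUE))
```

Run the file directly to see the unencoded and encoded renderings side by side; the "encoded" line is what a patched form should emit for the same stored value.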
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: <=3.21.5, 3.24.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.