CVE-2024-2391 in EVE-NG
Summary
by MITRE • 03/12/2024
A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Affected by this issue is some unknown functionality of the component Lab Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 04/16/2025
The vulnerability identified as CVE-2024-2391 represents a critical cross site scripting flaw within EVE-NG version 5.0.1-13, specifically within the Lab Handler component. This issue falls under the CWE-79 category of Cross-Site Scripting, which is a pervasive web application security weakness that allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability's classification as problematic indicates a significant security risk that could potentially compromise the integrity and confidentiality of user data within the EVE-NG environment.
The technical exploitation of this vulnerability occurs through the Lab Handler component, which appears to process user input without adequate sanitization or validation mechanisms. When an attacker crafts malicious input within the lab handling functionality, the system fails to properly escape or filter the data before rendering it in web responses. This creates an environment where malicious scripts can be executed in the context of other users' browsers, potentially leading to session hijacking, data theft, or unauthorized actions performed on behalf of victims. The remote exploitation capability means that attackers do not require physical access to the system or local network privileges to leverage this vulnerability.
The operational impact of CVE-2024-2391 extends beyond simple script execution, as it represents a fundamental breakdown in the application's input validation and output encoding mechanisms. In a network simulation environment like EVE-NG, where users create and share lab configurations, this vulnerability could allow an attacker to inject malicious code that persists across different user sessions. The disclosure of the exploit to the public through VDB-256442 significantly increases the risk profile, as it provides threat actors with ready-made attack vectors. The lack of vendor response to early disclosure attempts compounds the issue, leaving users without official patches or mitigation guidance during a critical period when the vulnerability is actively being exploited.
Organizations utilizing EVE-NG 5.0.1-13 should immediately implement defensive measures including input validation, output encoding, and content security policies to mitigate the risk of exploitation. The ATT&CK framework categorizes this vulnerability under T1059.001 for Command and Scripting Interpreter, specifically PowerShell and Command Prompt, though the actual exploitation would occur through web-based attack vectors. Security teams should also consider implementing web application firewalls and monitoring for suspicious input patterns within the Lab Handler component. The vulnerability demonstrates the importance of maintaining up-to-date security practices and the critical need for prompt vendor response to disclosed security issues, as the absence of official patches leaves systems exposed to potential compromise.