CVE-2024-48911: 
Python vulnerability analysis and mitigation

OpenCanary, a multi-protocol network honeypot, was found to have a local privilege escalation vulnerability (CVE-2024-48911) that affects versions prior to 0.9.4. The vulnerability was discovered and reported by Whirlylabs, with the disclosure made on October 14, 2024 (Vendor Advisory).

The vulnerability stems from OpenCanary directly executing commands taken from its configuration file. When the config file is stored in an unprivileged user directory while the daemon runs as root, it creates a security weakness. The vulnerability has been assigned a CVSS v4.0 base score of 5.8 (Medium) with the vector string CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N, and a CVSS v3.1 base score of 7.8 (High) (NVD).

The vulnerability allows an unprivileged user to modify the configuration file and potentially escalate their permissions when root later executes the daemon. This could lead to unauthorized privilege escalation on the affected system, with high impact on system integrity (Vendor Advisory).

The vulnerability has been fixed in OpenCanary version 0.9.4. Users are advised to upgrade to this version or higher to mitigate the security risk. The fix includes changes to prevent local privilege escalation via config and untrusted aliases (Release Notes).