Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-y3qu-d719-jff6
Vulnerability ID VCID-y3qu-d719-jff6
Aliases CVE-2023-48294
GHSA-fpq5-4vwm-78x4
Summary LibreNMS has Broken Access control on Graphs Feature LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2023-48294
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2023-48294
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2023-48294
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2023-48294
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2023-48294
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fpq5-4vwm-78x4
cvssv3.1 4.3 https://github.com/librenms/librenms
generic_textual MODERATE https://github.com/librenms/librenms
cvssv3.1 4.3 https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2
generic_textual MODERATE https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2
cvssv3.1 4.3 https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf
generic_textual MODERATE https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf
cvssv3.1 4.3 https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4
cvssv3.1_qr MODERATE https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4
generic_textual MODERATE https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-48294
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-48294
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-48294
https://github.com/librenms/librenms
https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2
https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf
https://nvd.nist.gov/vuln/detail/CVE-2023-48294
GHSA-fpq5-4vwm-78x4 https://github.com/advisories/GHSA-fpq5-4vwm-78x4
GHSA-fpq5-4vwm-78x4 https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/librenms/librenms
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-48294
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.06914
EPSS Score 0.00024
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:46:21.846020+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/librenms/librenms/CVE-2023-48294.yml 38.6.0