CVE-2023-51653

Name of the Vulnerable Software and Affected Versions Hertzbeat versions prior to 1.4.1

Description Hertzbeat is a real-time monitoring system. In the implementation of JmxCollectImpl.java, JMXConnectorFactory.connect is vulnerable to JNDI injection. The corresponding interface is "/api/monitor/detect". If there is a URL field, the address will be used by default. When the URL is "service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari", it can be exploited to cause remote code execution.

Recommendations For versions prior to 1.4.1, update to version 1.4.1 to resolve the issue. As a temporary workaround, consider restricting access to the /api/monitor/detect interface and avoiding the use of the vulnerable JMXConnectorFactory.connect function until a patch is applied.