CVE-2024-52763 is a cross-site scripting (XSS) vulnerability identified in Ganglia-web versions 3.73 through 3.75, specifically within the /graph_all_periods.php component. The vulnerability arises from insufficient sanitization of user-supplied input in the 'g' parameter, allowing attackers to inject crafted payloads containing arbitrary web scripts or HTML. When a victim user accesses a manipulated URL containing the malicious payload, the injected script executes in their browser context. This can lead to theft of session cookies, defacement of the web interface, or redirection to malicious sites. The vulnerability requires the attacker to have at least low-level privileges (PR:L) and user interaction (UI:R), such as convincing a user to click a crafted link. The scope is classified as changed (S:C) because the vulnerability affects resources beyond the attacker’s privileges by impacting other users. The CVSS 3.1 base score is 6.1, indicating a medium severity level, with the vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. No public exploits or patches are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. Ganglia-web is an open-source monitoring tool widely used in academic, research, and enterprise environments for cluster and grid monitoring, which increases the potential impact of this vulnerability.

The primary impact of CVE-2024-52763 is on the confidentiality and integrity of data within the Ganglia-web monitoring interface. Successful exploitation can allow attackers to execute arbitrary scripts in the context of authenticated users, potentially leading to session hijacking, unauthorized actions, or misleading display of monitoring data. This can undermine trust in monitoring results and may facilitate further attacks within the network. Although availability is not directly affected, the integrity compromise can disrupt operational decision-making based on monitoring data. Organizations relying on Ganglia-web for critical infrastructure monitoring could face increased risk of targeted attacks or information leakage. The requirement for low privileges and user interaction somewhat limits the attack surface, but social engineering or insider threats could exploit this vulnerability. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as the vulnerability is publicly documented.

To mitigate CVE-2024-52763, organizations should first verify if they are running Ganglia-web versions 3.73 to 3.75 and plan to upgrade to a fixed version once available. In the absence of an official patch, administrators should implement input validation and output encoding on the 'g' parameter within /graph_all_periods.php to neutralize malicious scripts. Employing web application firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting this parameter can provide interim protection. Restricting access to the Ganglia-web interface to trusted networks and enforcing strong authentication mechanisms reduces exposure. Educating users about phishing and social engineering risks can minimize successful exploitation via crafted links. Regularly monitoring web server logs for unusual requests to /graph_all_periods.php may help detect attempted exploitation. Finally, consider isolating monitoring infrastructure from general user networks to limit the impact of any compromise.