CWE-838
AllowedInappropriate Encoding for Output Context
Abstraction: Base · Status: Incomplete
The product uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.
16 vulnerabilities reference this CWE, most recent first.
CVE-2026-53641 (GCVE-0-2026-53641)
Vulnerability from cvelistv5 – Published: 2026-07-06 22:36 – Updated: 2026-07-08 19:41| URL | Tags |
|---|---|
| https://github.com/FOSSBilling/FOSSBilling/securi… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| FOSSBilling | FOSSBilling |
Affected:
>= 0.6.0, < 0.8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T17:48:10.248215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T19:41:51.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FOSSBilling",
"vendor": "FOSSBilling",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.6.0, \u003c 0.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting (XSS) vulnerability in the client-facing email history views of FOSSBilling. Email HTML content (`content_html`) is rendered into a JavaScript template literal using the `|raw` filter, bypassing all output escaping. An attacker with admin access can inject malicious JavaScript payloads into email content that execute in the browser of any client who views their email history. Version 0.8.0 contains a fix. Some workarounds are available. Restrict admin account access, audit email content in the database for suspicious payloads, and/or monitor client accounts for unusual activity."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-838",
"description": "CWE-838: Inappropriate Encoding for Output Context",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T22:41:27.429Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-q6c8-6r72-35f7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-q6c8-6r72-35f7"
}
],
"source": {
"advisory": "GHSA-q6c8-6r72-35f7",
"discovery": "UNKNOWN"
},
"title": "FOSSBilling has stored XSS in client email views via unescaped content in JavaScript template literal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53641",
"datePublished": "2026-07-06T22:36:38.105Z",
"dateReserved": "2026-06-09T20:16:59.648Z",
"dateUpdated": "2026-07-08T19:41:51.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-34006 (GCVE-0-2024-34006)
Vulnerability from cvelistv5 – Published: 2024-05-31 20:36 – Updated: 2024-08-02 02:42- CWE-838 - Inappropriate Encoding for Output Context
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
4.0 , ≤ 4.3.3
(semver)
Affected: 4.2 , ≤ 4.2.6 (semver) Affected: 4.1 , ≤ 4.1.9 (semver) |
|||
| fedoraproject | fedora |
Affected:
4.0 , ≤ 4.3.3
(custom)
cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:* |
|
| fedoraproject | fedora |
Affected:
4.1 , ≤ 4.1.9
(custom)
cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:* |
|
| fedoraproject | fedora |
Affected:
4.2 , ≤ 4.2.6
(custom)
cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"lessThanOrEqual": "4.3.3",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"lessThanOrEqual": "4.1.9",
"status": "affected",
"version": "4.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"lessThanOrEqual": "4.2.6",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:10:13.250364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:42:30.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=458395"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unknown",
"packageName": "Moodle",
"versions": [
{
"lessThanOrEqual": "4.3.3",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.6",
"status": "affected",
"version": "4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.9",
"status": "affected",
"version": "4.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Leon Stringer"
}
],
"datePublic": "2024-05-20T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eThe site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-838",
"description": "CWE-838 Inappropriate Encoding for Output Context",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T20:36:08.390Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://moodle.org/mod/forum/discuss.php?d=458395"
}
],
"title": "moodle: unsanitized HTML in site log for config_log_created"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-34006",
"datePublished": "2024-05-31T20:36:08.390Z",
"dateReserved": "2024-04-29T13:02:30.267Z",
"dateUpdated": "2024-08-02T02:42:59.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5770 (GCVE-0-2023-5770)
Vulnerability from cvelistv5 – Published: 2024-01-09 22:02 – Updated: 2025-06-03 14:29- CWE-838 - Inappropriate Encoding for Output Context
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Proofpoint Enterprise Protection |
Affected:
8.20.2 , < patch 4809
(semver)
Affected: 8.20.0 , < patch 4805 (semver) Affected: 8.18.6 , < patch 4804 (semver) Affected: 8.0 , < 8.18.6 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:43:41.522534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:29:46.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Email Delivery Agent"
],
"product": "Proofpoint Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4809",
"status": "unaffected"
}
],
"lessThan": "patch 4809",
"status": "affected",
"version": "8.20.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4805",
"status": "unaffected"
}
],
"lessThan": "patch 4805",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4804",
"status": "unaffected"
}
],
"lessThan": "patch 4804",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"lessThan": "8.18.6",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eProofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.\u003c/span\u003e\u003cp\u003eThis issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.\u003c/p\u003e"
}
],
"value": "Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-838",
"description": "CWE-838 Inappropriate Encoding for Output Context",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T22:02:03.839Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTML injection in email body through email subject",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-5770",
"datePublished": "2024-01-09T22:02:03.839Z",
"dateReserved": "2023-10-25T17:57:53.751Z",
"dateUpdated": "2025-06-03T14:29:46.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7292 (GCVE-0-2020-7292)
Vulnerability from cvelistv5 – Published: 2020-07-15 14:50 – Updated: 2024-08-04 09:25- CWE-838 - Inappropriate Encoding for output context
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | McAfee Web Gateway (MWG) |
Affected:
unspecified , < 9.2.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Web Gateway (MWG)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "9.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-838",
"description": "CWE-838 Inappropriate Encoding for output context",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-14T15:35:31.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10323"
}
],
"source": {
"advisory": "SB10323",
"discovery": "EXTERNAL"
},
"title": "Web Gateway (MWG) - Inappropriate Encoding for output context",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2020-7292",
"STATE": "PUBLIC",
"TITLE": "Web Gateway (MWG) - Inappropriate Encoding for output context"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Web Gateway (MWG)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.2.1"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-838 Inappropriate Encoding for output context"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10323",
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10323"
}
]
},
"source": {
"advisory": "SB10323",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2020-7292",
"datePublished": "2020-07-15T14:50:14.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:25:48.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2PGC-776H-4JHR
Vulnerability from github – Published: 2025-05-05 18:32 – Updated: 2025-05-06 15:31Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2025-4052"
],
"database_specific": {
"cwe_ids": [
"CWE-838"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-05T18:15:44Z",
"severity": "CRITICAL"
},
"details": "Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-2pgc-776h-4jhr",
"modified": "2025-05-06T15:31:03Z",
"published": "2025-05-05T18:32:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4052"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/401927528"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MP8-W7V3-999F
Vulnerability from github – Published: 2023-12-06 03:30 – Updated: 2024-02-15 21:31Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2023-6512"
],
"database_specific": {
"cwe_ids": [
"CWE-838"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-06T02:15:07Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-7mp8-w7v3-999f",
"modified": "2024-02-15T21:31:26Z",
"published": "2023-12-06T03:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6512"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1457702"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-34"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5573"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7R4Q-Q89F-2MCG
Vulnerability from github – Published: 2024-11-26 15:31 – Updated: 2024-11-27 18:34Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
{
"affected": [],
"aliases": [
"CVE-2024-11702"
],
"database_specific": {
"cwe_ids": [
"CWE-838"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-26T14:15:19Z",
"severity": "HIGH"
},
"details": "Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox \u003c 133 and Thunderbird \u003c 133.",
"id": "GHSA-7r4q-q89f-2mcg",
"modified": "2024-11-27T18:34:03Z",
"published": "2024-11-26T15:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11702"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1918884"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-855X-QR5W-6PWV
Vulnerability from github – Published: 2022-11-23 18:30 – Updated: 2022-11-28 18:30The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.
{
"affected": [],
"aliases": [
"CVE-2021-35246"
],
"database_specific": {
"cwe_ids": [
"CWE-319",
"CWE-838"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-23T17:15:00Z",
"severity": "MODERATE"
},
"details": "The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user\u0027s network traffic could bypass the application\u0027s use of SSL/TLS encryption and use the application as a platform for attacks against its users.",
"id": "GHSA-855x-qr5w-6pwv",
"modified": "2022-11-28T18:30:16Z",
"published": "2022-11-23T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35246"
},
{
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246"
},
{
"type": "WEB",
"url": "https://documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm"
},
{
"type": "WEB",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G66M-FQXF-3W35
Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2022-12-16 17:10Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the input step. This ID is used for the URLs that process user interactions for the given input step (proceed or abort) and is not correctly encoded.
This allows attackers able to configure Pipelines to have Jenkins build URLs from input step IDs that would bypass the CSRF protection of any target URL in Jenkins when the input step is interacted with.
Pipeline: Input Step Plugin 456.vd8a_957db_5b_e9 limits the characters that can be used for the ID of input steps in Pipelines to alphanumeric characters and URL-safe punctuation. Pipelines with input steps having IDs with prohibited characters will fail with an error.
This includes Pipelines that have already been started but not finished before Jenkins is restarted to apply this update.
Pipeline: Declarative Plugin provides an input directive that is internally using the input step, and specifies a non-default ID if not user-defined. Pipeline: Declarative Plugin 2.2114.v2654ca_721309 and earlier may specify values incompatible with this new restriction on legal values: input directives in a stage use the stage name (which may include prohibited characters) and input directives in a matrix will use a value generated from the matrix axis values (which always includes prohibited characters). Administrators are advised to update Pipeline: Input Step Plugin and Pipeline: Declarative Plugin at the same time, ideally while no Pipelines are running.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 456.vd8a"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:pipeline-input-step"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "456.vd8a_957db_5b_e9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-43407"
],
"database_specific": {
"cwe_ids": [
"CWE-352",
"CWE-838"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-19T21:21:29Z",
"nvd_published_at": "2022-10-19T16:15:00Z",
"severity": "HIGH"
},
"details": "Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the `input` step. This ID is used for the URLs that process user interactions for the given `input` step (proceed or abort) and is not correctly encoded.\n\nThis allows attackers able to configure Pipelines to have Jenkins build URLs from `input` step IDs that would bypass the CSRF protection of any target URL in Jenkins when the `input` step is interacted with.\n\nPipeline: Input Step Plugin 456.vd8a_957db_5b_e9 limits the characters that can be used for the ID of `input` steps in Pipelines to alphanumeric characters and URL-safe punctuation. Pipelines with `input` steps having IDs with prohibited characters will fail with an error.\n\nThis includes Pipelines that have already been started but not finished before Jenkins is restarted to apply this update.\n\n[Pipeline: Declarative Plugin](https://plugins.jenkins.io/pipeline-model-definition/) provides an `input` directive that is internally using the `input` step, and specifies a non-default ID if not user-defined. Pipeline: Declarative Plugin 2.2114.v2654ca_721309 and earlier may specify values incompatible with this new restriction on legal values: `input` directives in a `stage` use the stage name (which may include prohibited characters) and `input` directives in a `matrix` will use a value generated from the matrix axis values (which always includes prohibited characters). Administrators are advised to update Pipeline: Input Step Plugin and Pipeline: Declarative Plugin at the same time, ideally while no Pipelines are running.",
"id": "GHSA-g66m-fqxf-3w35",
"modified": "2022-12-16T17:10:18Z",
"published": "2022-10-19T19:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43407"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/pipeline-input-step-plugin/commit/d8a957db5be95ddfbf81f41a60b2f034000314b5"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/pipeline-input-step-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin"
}
GHSA-G975-F26H-93G8
Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2023-10-27 20:58Jenkins Pipeline: Stage View Plugin provides a visualization of Pipeline builds. It also allows users to interact with input steps from Pipeline: Input Step Plugin.
Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of input steps when using it to generate URLs to proceed or abort Pipeline builds.
This allows attackers able to configure Pipelines to specify input step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.
Pipeline: Stage View Plugin 2.27 correctly encodes the ID of input steps when using it to generate URLs to proceed or abort Pipeline builds.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view"
},
"ranges": [
{
"events": [
{
"introduced": "2.25"
},
{
"fixed": "2.27"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-43408"
],
"database_specific": {
"cwe_ids": [
"CWE-352",
"CWE-838"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-19T20:27:47Z",
"nvd_published_at": "2022-10-19T16:15:00Z",
"severity": "HIGH"
},
"details": "Jenkins Pipeline: Stage View Plugin provides a visualization of Pipeline builds. It also allows users to interact with `input` steps from Pipeline: Input Step Plugin.\n\nPipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of `input` steps when using it to generate URLs to proceed or abort Pipeline builds.\n\nThis allows attackers able to configure Pipelines to specify `input` step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.\n\nPipeline: Stage View Plugin 2.27 correctly encodes the ID of `input` steps when using it to generate URLs to proceed or abort Pipeline builds.",
"id": "GHSA-g975-f26h-93g8",
"modified": "2023-10-27T20:58:14Z",
"published": "2022-10-19T19:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43408"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/pipeline-stage-view-plugin/commit/cee275109ee748fa9f599ec60159807a28a2933f"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins"
}
Mitigation
Strategy: Output Encoding
Use context-aware encoding. That is, understand which encoding is being used by the downstream component, and ensure that this encoding is used. If an encoding can be specified, do so, instead of assuming that the default encoding is the same as the default being assumed by the downstream component.
Mitigation
Strategy: Output Encoding
Where possible, use communications protocols or data formats that provide strict boundaries between control and data. If this is not feasible, ensure that the protocols or formats allow the communicating components to explicitly state which encoding/decoding method is being used. Some template frameworks provide built-in support.
Mitigation MIT-4.3
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error.
- Note that some template mechanisms provide built-in support for the appropriate encoding.
CAPEC-468: Generic Cross-Browser Cross-Domain Theft
An attacker makes use of Cascading Style Sheets (CSS) injection to steal data cross domain from the victim's browser. The attack works by abusing the standards relating to loading of CSS: 1. Send cookies on any load of CSS (including cross-domain) 2. When parsing returned CSS ignore all data that does not make sense before a valid CSS descriptor is found by the CSS parser.