BSI-2022-0003
Vulnerability from csaf_certbund - Published: 2022-11-04 15:00 - Updated: 2022-11-04 15:00Summary
Stored Cross-Site Scripting (XSS) Vulnerability in csaf_provider
Notes
Legal disclaimer: As a content provider, BSI is responsible under general law for its own content distributed for use. However, it remains your responsibility to carefully check usage and/or implementation of information provided with the content.
CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vendor Fix
Update to the latest version, at least version 0.8.2.
https://github.com/csaf-poc/csaf_distribution/rel…
Mitigation
Ensure that no CSAF advisories containing JavaScript code are uploaded, e.g. by organizational measures.
Affected products
First fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
CSAF Tools csaf_provider 0.8.2
CSAF POC / csaf_provider
|
0.8.2 |
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
CSAF Tools csaf_provider 2.0.0
CSAF POC / csaf_provider
|
2.0.0 |
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
CSAF Tools csaf_provider 0.8.1
CSAF POC / csaf_provider
|
0.8.1 | ||
|
CSAF Tools csaf_provider 0.8.0
CSAF POC / csaf_provider
|
0.8.0 | ||
|
CSAF Tools csaf_provider 0.3.0
CSAF POC / csaf_provider
|
0.3.0 | ||
|
CSAF Tools csaf_provider 0.3.0-alpha
CSAF POC / csaf_provider
|
0.3.0-alpha | ||
|
CSAF Tools csaf_provider 0.3.0-alpha2
CSAF POC / csaf_provider
|
0.3.0-alpha2 | ||
|
CSAF Tools csaf_provider 0.3.0-alpha3
CSAF POC / csaf_provider
|
0.3.0-alpha3 | ||
|
CSAF Tools csaf_provider 0.3.0-alpha4
CSAF POC / csaf_provider
|
0.3.0-alpha4 | ||
|
CSAF Tools csaf_provider 0.3.0-alpha5
CSAF POC / csaf_provider
|
0.3.0-alpha5 | ||
|
CSAF Tools csaf_provider 0.3.0-alpha6
CSAF POC / csaf_provider
|
0.3.0-alpha6 | ||
|
CSAF Tools csaf_provider 0.2.0
CSAF POC / csaf_provider
|
0.2.0 | ||
|
CSAF Tools csaf_provider 0.1.0-alpha.1
CSAF POC / csaf_provider
|
0.1.0-alpha.1 |
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
CSAF Tools csaf_provider 2.0.0
CSAF POC / csaf_provider
|
2.0.0 |
References
1 reference
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
Acknowledgments
Cyber-Defense Campus
Damian Pfammatter
{
"document": {
"acknowledgments": [
{
"names": [
"Damian Pfammatter"
],
"organization": "Cyber-Defense Campus",
"summary": "finding and reporting the vulnerability"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "As a content provider, BSI is responsible under general law for its own content distributed for use. However, it remains your responsibility to carefully check usage and/or implementation of information provided with the content.",
"title": "Legal disclaimer"
}
],
"publisher": {
"category": "coordinator",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "BSI-2022-0003 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0003.json"
}
],
"title": "Stored Cross-Site Scripting (XSS) Vulnerability in csaf_provider",
"tracking": {
"current_release_date": "2022-11-04T15:00:00.000Z",
"generator": {
"date": "2022-11-04T14:47:20.479Z",
"engine": {
"name": "Secvisogram",
"version": "2.0.0"
}
},
"id": "BSI-2022-0003",
"initial_release_date": "2022-11-04T15:00:00.000Z",
"revision_history": [
{
"date": "2022-11-04T15:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0.0",
"product": {
"name": "CSAF Tools csaf_provider 2.0.0",
"product_id": "CSAFPID-0001"
}
},
{
"category": "product_version",
"name": "0.8.2",
"product": {
"name": "CSAF Tools csaf_provider 0.8.2",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_version",
"name": "0.8.1",
"product": {
"name": "CSAF Tools csaf_provider 0.8.1",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version",
"name": "0.8.0",
"product": {
"name": "CSAF Tools csaf_provider 0.8.0",
"product_id": "CSAFPID-0004"
}
},
{
"category": "product_version",
"name": "0.3.0",
"product": {
"name": "CSAF Tools csaf_provider 0.3.0",
"product_id": "CSAFPID-0005"
}
},
{
"category": "product_version",
"name": "0.3.0-alpha",
"product": {
"name": "CSAF Tools csaf_provider 0.3.0-alpha",
"product_id": "CSAFPID-0006"
}
},
{
"category": "product_version",
"name": "0.3.0-alpha2",
"product": {
"name": "CSAF Tools csaf_provider 0.3.0-alpha2",
"product_id": "CSAFPID-0007"
}
},
{
"category": "product_version",
"name": "0.3.0-alpha3",
"product": {
"name": "CSAF Tools csaf_provider 0.3.0-alpha3",
"product_id": "CSAFPID-0008"
}
},
{
"category": "product_version",
"name": "0.3.0-alpha4",
"product": {
"name": "CSAF Tools csaf_provider 0.3.0-alpha4",
"product_id": "CSAFPID-0009"
}
},
{
"category": "product_version",
"name": "0.3.0-alpha5",
"product": {
"name": "CSAF Tools csaf_provider 0.3.0-alpha5",
"product_id": "CSAFPID-0010"
}
},
{
"category": "product_version",
"name": "0.3.0-alpha6",
"product": {
"name": "CSAF Tools csaf_provider 0.3.0-alpha6",
"product_id": "CSAFPID-0011"
}
},
{
"category": "product_version",
"name": "0.2.0",
"product": {
"name": "CSAF Tools csaf_provider 0.2.0",
"product_id": "CSAFPID-0012"
}
},
{
"category": "product_version",
"name": "0.1.0-alpha.1",
"product": {
"name": "CSAF Tools csaf_provider 0.1.0-alpha.1",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "csaf_provider"
}
],
"category": "vendor",
"name": "CSAF POC"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013"
],
"summary": "Affected product versions"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-43996",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-05-17T10:00:00.000Z",
"notes": [
{
"category": "summary",
"text": "The endpoint \u201cupload\u201d allows valid CSAF advisories (JSON format) to be uploaded with Content-Type \u201ctext/html\u201d and filenames ending in \u201c.html\u201d. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain malicious JavaScript code, that will execute within the browser-context of users inspecting the advisory.",
"title": "Vulnerability summary"
}
],
"product_status": {
"first_fixed": [
"CSAFPID-0002"
],
"fixed": [
"CSAFPID-0001"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013"
],
"recommended": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest version, at least version 0.8.2.",
"group_ids": [
"CSAFGID-0001"
],
"restart_required": {
"category": "none",
"details": "The binary can be replaced without a need to restart any service. However, be aware of API changes between the versions."
},
"url": "https://github.com/csaf-poc/csaf_distribution/releases/latest"
},
{
"category": "mitigation",
"details": "Ensure that no CSAF advisories containing JavaScript code are uploaded, e.g. by organizational measures. ",
"group_ids": [
"CSAFGID-0001"
],
"restart_required": {
"category": "none"
}
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "FUNCTIONAL",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:L/E:F/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013"
]
}
],
"title": "Stored Cross-Site-Scripting"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…