CVE-2021-39175 - OpenCVE

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Hedgedoc	Hedgedoc

Configuration 1 [-]

cpe:2.3:a:hedgedoc:hedgedoc:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/hedgedoc/hedgedoc/pull/1369	Patch Third Party Advisory
https://github.com/hedgedoc/hedgedoc/pull/1375	Patch Third Party Advisory
https://github.com/hedgedoc/hedgedoc/pull/1513	Patch Third Party Advisory
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-08-30T20:40:13

Updated: 2021-08-30T20:40:13

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39175

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-30T21:15:09.523

Modified: 2022-10-25T18:01:11.613

Link: CVE-2021-39175

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "hedgedoc", "vendor": "hedgedoc", "versions": [{"status": "affected", "version": "< 1.9.0"}]}], "descriptions": [{"lang": "en", "value": "HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-346", "description": "CWE-346: Origin Validation Error", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-30T20:40:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1369"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1375"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1513"}], "source": {"advisory": "GHSA-j748-779h-9697", "discovery": "UNKNOWN"}, "title": "XSS vector in slide mode speaker-view", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39175", "STATE": "PUBLIC", "TITLE": "XSS vector in slide mode speaker-view"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "hedgedoc", "version": {"version_data": [{"version_value": "< 1.9.0"}]}}]}, "vendor_name": "hedgedoc"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}, {"description": [{"lang": "eng", "value": "CWE-346: Origin Validation Error"}]}]}, "references": {"reference_data": [{"name": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697", "refsource": "CONFIRM", "url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697"}, {"name": "https://github.com/hedgedoc/hedgedoc/pull/1369", "refsource": "MISC", "url": "https://github.com/hedgedoc/hedgedoc/pull/1369"}, {"name": "https://github.com/hedgedoc/hedgedoc/pull/1375", "refsource": "MISC", "url": "https://github.com/hedgedoc/hedgedoc/pull/1375"}, {"name": "https://github.com/hedgedoc/hedgedoc/pull/1513", "refsource": "MISC", "url": "https://github.com/hedgedoc/hedgedoc/pull/1513"}]}, "source": {"advisory": "GHSA-j748-779h-9697", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39175", "datePublished": "2021-08-30T20:40:13", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2021-08-30T20:40:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hedgedoc:hedgedoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "81394535-06A5-4A99-A7B6-8A7DB22B56C5", "versionEndExcluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading."}, {"lang": "es", "value": "HedgeDoc es una plataforma para escribir y compartir markdown. En versiones anteriores a1.9.0, un atacante no autenticado puede inyectar JavaScript arbitrario en las notas de los oradores de la funci\u00f3n de modo de diapositivas al insertar un iframe que aloje el c\u00f3digo malicioso en las diapositivas o al insertar la instancia de HedgeDoc en otra p\u00e1gina. El problema est\u00e1 parcheado en versi\u00f3n 1.9.0. No se conocen soluciones aparte de la actualizaci\u00f3n."}], "id": "CVE-2021-39175", "lastModified": "2022-10-25T18:01:11.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-08-30T21:15:09.523", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1369"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1375"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1513"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-346"}, {"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}