CVE-2022-1231 - OpenCVE

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Plantuml	Plantuml
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:plantuml:plantuml:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*

References

Link	Resource
https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903	Patch Third Party Advisory
https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604	Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EO26WBHQRMWTS44M5VLZJIJZOIGJYL3A/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FQMHXN5BVBK433C5SVSSBXWB5JLJ7NID/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-04-15T15:05:10

Updated: 2022-05-07T08:06:25

Reserved: 2022-04-04T00:00:00

Link: CVE-2022-1231

JSON object: View

NVD Information

Status : Modified

Published: 2022-04-15T15:15:12.133

Modified: 2023-11-07T03:41:49.883

Link: CVE-2022-1231

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "plantuml/plantuml", "vendor": "plantuml", "versions": [{"lessThan": "1.2022.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running)."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-07T08:06:25", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903"}, {"name": "FEDORA-2022-e8b1324ec8", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FQMHXN5BVBK433C5SVSSBXWB5JLJ7NID/"}, {"name": "FEDORA-2022-930b54aa84", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EO26WBHQRMWTS44M5VLZJIJZOIGJYL3A/"}], "source": {"advisory": "27db9509-6cd3-4148-8d70-5942f3837604", "discovery": "EXTERNAL"}, "title": "XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1231", "STATE": "PUBLIC", "TITLE": "XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "plantuml/plantuml", "version": {"version_data": [{"version_affected": "<", "version_value": "1.2022.4"}]}}]}, "vendor_name": "plantuml"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running)."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604"}, {"name": "https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903", "refsource": "MISC", "url": "https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903"}, {"name": "FEDORA-2022-e8b1324ec8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FQMHXN5BVBK433C5SVSSBXWB5JLJ7NID/"}, {"name": "FEDORA-2022-930b54aa84", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EO26WBHQRMWTS44M5VLZJIJZOIGJYL3A/"}]}, "source": {"advisory": "27db9509-6cd3-4148-8d70-5942f3837604", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1231", "datePublished": "2022-04-15T15:05:10", "dateReserved": "2022-04-04T00:00:00", "dateUpdated": "2022-05-07T08:06:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plantuml:plantuml:*:*:*:*:*:*:*:*", "matchCriteriaId": "0879CF5E-1364-4E9D-93DE-058948B8969F", "versionEndExcluding": "1.2022.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running)."}, {"lang": "es", "value": "Una vulnerabilidad de tipo XSS por medio de SVG insertado en el formato de diagrama SVG en el repositorio GitHub plantuml/plantuml versiones anteriores a 1.2022.4. Una vulnerabilidad de tipo XSS almacenado en el contexto del insertador de diagramas. Dependiendo del contexto real, esto va desde el robo de secretos hasta el secuestro de cuentas o incluso una ejecuci\u00f3n de c\u00f3digo, por ejemplo en aplicaciones de escritorio. Las aplicaciones basadas en la web son las m\u00e1s afectadas. Dado que el formato SVG permite enlaces clicables en los diagramas, es com\u00fanmente usado en plugins para proyectos basados en la web (como el plugin de Confluence, etc. vea https://plantuml.com/de/running)"}], "id": "CVE-2022-1231", "lastModified": "2023-11-07T03:41:49.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-15T15:15:12.133", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604"}, {"source": "security@huntr.dev", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EO26WBHQRMWTS44M5VLZJIJZOIGJYL3A/"}, {"source": "security@huntr.dev", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FQMHXN5BVBK433C5SVSSBXWB5JLJ7NID/"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@huntr.dev", "type": "Secondary"}]}