{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39350", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2022-10-25T00:00:00", "dateReserved": "2022-09-02T00:00:00", "datePublished": "2022-10-25T00:00:00"}, "containers": {"cna": {"title": "@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-10-25T00:00:00"}, "descriptions": [{"lang": "en", "value": "@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did not encode or sanitize Showdown's output. This made it possible for arbitrary JavaScript included in vulnerability details via HTML attributes to be executed in context of the frontend. Actors with the `VULNERABILITY_MANAGEMENT` permission can exploit this weakness by creating or editing a custom vulnerability and providing XSS payloads in any of the following fields: Description, Details, Recommendation, or References. The payload will be executed for users with the `VIEW_PORTFOLIO` permission when browsing to the modified vulnerability's page. Alternatively, malicious JavaScript could be introduced via any of the vulnerability databases mirrored by Dependency-Track. However, this attack vector is highly unlikely, and the maintainers of Dependency-Track are not aware of any occurrence of this happening. Note that the `Vulnerability Details` element of the `Audit Vulnerabilities` tab in the project view is not affected. The issue has been fixed in frontend version 4.6.1."}], "affected": [{"vendor": "DependencyTrack", "product": "frontend", "versions": [{"version": "< 4.6.1", "status": "affected"}]}], "references": [{"url": "https://github.com/DependencyTrack/frontend/security/advisories/GHSA-c33w-pm52-mqvf"}, {"url": "https://docs.dependencytrack.org/changelog/"}, {"url": "https://github.com/showdownjs/showdown/wiki/Markdown%27s-XSS-Vulnerability-%28and-how-to-mitigate-it%29"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "source": {"advisory": "GHSA-c33w-pm52-mqvf", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D8C8608-F3B7-46FD-A527-D6D0216988D6", "versionEndExcluding": "4.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did not encode or sanitize Showdown's output. This made it possible for arbitrary JavaScript included in vulnerability details via HTML attributes to be executed in context of the frontend. Actors with the `VULNERABILITY_MANAGEMENT` permission can exploit this weakness by creating or editing a custom vulnerability and providing XSS payloads in any of the following fields: Description, Details, Recommendation, or References. The payload will be executed for users with the `VIEW_PORTFOLIO` permission when browsing to the modified vulnerability's page. Alternatively, malicious JavaScript could be introduced via any of the vulnerability databases mirrored by Dependency-Track. However, this attack vector is highly unlikely, and the maintainers of Dependency-Track are not aware of any occurrence of this happening. Note that the `Vulnerability Details` element of the `Audit Vulnerabilities` tab in the project view is not affected. The issue has been fixed in frontend version 4.6.1."}, {"lang": "es", "value": "dependencytrack/frontend es una aplicaci\u00f3n de p\u00e1gina \u00fanica (SPA) usada en Dependency-Track, una plataforma de an\u00e1lisis de componentes de c\u00f3digo abierto que permite a las organizaciones identificar y reducir el riesgo en la cadena de suministro de software. Debido a la pr\u00e1ctica com\u00fan de proporcionar detalles de vulnerabilidad en formato markdown, el frontend de Dependency-Track los renderiza usando la biblioteca JavaScript Showdown. Showdown no presenta ninguna contramedida de tipo XSS incorporada, y Las versiones anteriores a 4.6.1 del frontend Dependency-Track no codificaban ni saneaban la salida de Showdown. Esto hac\u00eda posible que el JavaScript arbitrario incluido en los detalles de la vulnerabilidad por medio de atributos HTML es ejecutadora en el contexto del frontend. Los actores con el permiso \"VULNERABILITY_MANAGEMENT\" pueden explotar esta debilidad al crear o editar una vulnerabilidad personalizada y proporcionando cargas \u00fatiles de tipo XSS en cualquiera de los siguientes campos: Description, Details, Recommendation, o References. La carga \u00fatil es ejecutada para usuarios con el permiso \"VIEW_PORTFOLIO\" cuando naveguen a la p\u00e1gina de la vulnerabilidad modificada. Alternativamente, el JavaScript malicioso podr\u00eda ser introducido por medio de cualquiera de las bases de datos de vulnerabilidades reflejadas por Dependency-Track. Sin embargo, este vector de ataque es altamente improbable, y los mantenedores de Dependency-Track no presentan conocimiento de que esto ocurra. Tenga en cuenta que el elemento \"Detalles de la vulnerabilidad\" de la pesta\u00f1a \"Auditor\u00eda de vulnerabilidades\" en la vista del proyecto no est\u00e1 afectado. El problema ha sido corregido en versi\u00f3n 4.6.1 del frontend"}], "id": "CVE-2022-39350", "lastModified": "2023-11-07T03:50:27.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-10-25T17:15:56.547", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://docs.dependencytrack.org/changelog/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/DependencyTrack/frontend/security/advisories/GHSA-c33w-pm52-mqvf"}, {"source": "security-advisories@github.com", "url": "https://github.com/showdownjs/showdown/wiki/Markdown%27s-XSS-Vulnerability-%28and-how-to-mitigate-it%29"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}