CVE-2021-39175 - Vulnerability Details - OpenCVE

ReportizFlow

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hedgedoc	Hedgedoc

Configuration 1 [-]

cpe:2.3:a:hedgedoc:hedgedoc:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/hedgedoc/hedgedoc/pull/1369
https://github.com/hedgedoc/hedgedoc/pull/1375
https://github.com/hedgedoc/hedgedoc/pull/1513
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-08-30T20:40:13

Updated: 2024-08-04T01:58:18.195Z

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39175

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-30T21:15:09.523

Modified: 2024-11-21T06:18:47.743

Link: CVE-2021-39175

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "hedgedoc", "vendor": "hedgedoc", "versions": [{"status": "affected", "version": "< 1.9.0"}]}], "descriptions": [{"lang": "en", "value": "HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-346", "description": "CWE-346: Origin Validation Error", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-30T20:40:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1369"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1375"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1513"}], "source": {"advisory": "GHSA-j748-779h-9697", "discovery": "UNKNOWN"}, "title": "XSS vector in slide mode speaker-view", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2021-39175", "STATE": "PUBLIC", "TITLE": "XSS vector in slide mode speaker-view"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "hedgedoc", "version": {"version_data": [{"version_value": "< 1.9.0"}]}}]}, "vendor_name": "hedgedoc"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}, {"description": [{"lang": "eng", "value": "CWE-346: Origin Validation Error"}]}]}, "references": {"reference_data": [{"name": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697", "refsource": "CONFIRM", "url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697"}, {"name": "https://github.com/hedgedoc/hedgedoc/pull/1369", "refsource": "MISC", "url": "https://github.com/hedgedoc/hedgedoc/pull/1369"}, {"name": "https://github.com/hedgedoc/hedgedoc/pull/1375", "refsource": "MISC", "url": "https://github.com/hedgedoc/hedgedoc/pull/1375"}, {"name": "https://github.com/hedgedoc/hedgedoc/pull/1513", "refsource": "MISC", "url": "https://github.com/hedgedoc/hedgedoc/pull/1513"}]}, "source": {"advisory": "GHSA-j748-779h-9697", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:58:18.195Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1369"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1375"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1513"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39175", "datePublished": "2021-08-30T20:40:13", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-08-04T01:58:18.195Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hedgedoc:hedgedoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "81394535-06A5-4A99-A7B6-8A7DB22B56C5", "versionEndExcluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading."}, {"lang": "es", "value": "HedgeDoc es una plataforma para escribir y compartir markdown. En versiones anteriores a1.9.0, un atacante no autenticado puede inyectar JavaScript arbitrario en las notas de los oradores de la funci\u00f3n de modo de diapositivas al insertar un iframe que aloje el c\u00f3digo malicioso en las diapositivas o al insertar la instancia de HedgeDoc en otra p\u00e1gina. El problema est\u00e1 parcheado en versi\u00f3n 1.9.0. No se conocen soluciones aparte de la actualizaci\u00f3n."}], "id": "CVE-2021-39175", "lastModified": "2024-11-21T06:18:47.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2021-08-30T21:15:09.523", "references": [{"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1369"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1375"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1513"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1369"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1375"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/pull/1513"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-346"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}