{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28100", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-04T14:19:14.058Z", "datePublished": "2024-09-02T16:10:11.512Z", "dateUpdated": "2024-09-03T13:48:37.352Z"}, "containers": {"cna": {"title": "Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/elabftw/elabftw/security/advisories/GHSA-xp3v-w8cx-cqxc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-xp3v-w8cx-cqxc"}], "affected": [{"vendor": "elabftw", "product": "elabftw", "versions": [{"version": "< 5.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-03T12:39:09.701Z"}, "descriptions": [{"lang": "en", "value": "eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a list of experiments. Viewing this allows the malicious script to act on behalf of the visitor in any way, including the creation of API keys for persistence, or other options normally available to the user. If the user viewing the page has the sysadmin role in eLabFTW, the script can act as a sysadmin (including system configuration and extensive user management roles). Users are advised to upgrade to at least version 5.0.0. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-xp3v-w8cx-cqxc", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "elabftw", "product": "elabftw", "cpes": ["cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T13:38:38.539216Z", "id": "CVE-2024-28100", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T13:48:37.352Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28100", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-03T13:38:38.539216Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*"], "vendor": "elabftw", "product": "elabftw", "versions": [{"status": "affected", "version": "0", "lessThan": "5.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T13:46:04.145Z"}}], "cna": {"title": "Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw", "source": {"advisory": "GHSA-xp3v-w8cx-cqxc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "elabftw", "product": "elabftw", "versions": [{"status": "affected", "version": "< 5.0.0"}]}], "references": [{"url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-xp3v-w8cx-cqxc", "name": "https://github.com/elabftw/elabftw/security/advisories/GHSA-xp3v-w8cx-cqxc", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a list of experiments. Viewing this allows the malicious script to act on behalf of the visitor in any way, including the creation of API keys for persistence, or other options normally available to the user. If the user viewing the page has the sysadmin role in eLabFTW, the script can act as a sysadmin (including system configuration and extensive user management roles). Users are advised to upgrade to at least version 5.0.0. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-03T12:39:09.701Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28100", "state": "PUBLISHED", "dateUpdated": "2024-09-03T13:48:37.352Z", "dateReserved": "2024-03-04T14:19:14.058Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-02T16:10:11.512Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BB7A456-ED8C-4042-9C00-B7DF0ED41218", "versionEndExcluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a list of experiments. Viewing this allows the malicious script to act on behalf of the visitor in any way, including the creation of API keys for persistence, or other options normally available to the user. If the user viewing the page has the sysadmin role in eLabFTW, the script can act as a sysadmin (including system configuration and extensive user management roles). Users are advised to upgrade to at least version 5.0.0. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "eLabFTW es un cuaderno de laboratorio electr\u00f3nico de c\u00f3digo abierto para laboratorios de investigaci\u00f3n. Al cargar archivos especialmente manipulados, un usuario normal puede crear una situaci\u00f3n en la que el navegador de un visitante ejecute c\u00f3digo JavaScript arbitrario en el contexto de la aplicaci\u00f3n eLabFTW. Esto puede ser provocado por el visitante que ve una lista de experimentos. Al ver esto, el script malicioso puede actuar en nombre del visitante de cualquier manera, incluida la creaci\u00f3n de claves API para la persistencia u otras opciones normalmente disponibles para el usuario. Si el usuario que ve la p\u00e1gina tiene el rol de administrador de sistemas en eLabFTW, el script puede actuar como administrador de sistemas (incluida la configuraci\u00f3n del sistema y roles de administraci\u00f3n de usuarios extensos). Se recomienda a los usuarios que actualicen al menos a la versi\u00f3n 5.0.0. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2024-28100", "lastModified": "2024-09-16T17:28:07.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-09-02T18:15:22.770", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-xp3v-w8cx-cqxc"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}

{}