CVE-2024-28111 (GCVE-0-2024-28111)

Vulnerability from cvelistv5 – Published: 2024-03-06 21:15 – Updated: 2024-08-02 00:48
Title
CSV Injection in exported history CSV files
Summary
Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens it in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue.
CWE
  • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
GitHub_M
Impacted products
Vendor   Product       Version
thinkst  canarytokens  Affected: < sha-c595a1f8

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-01T16:35:12.352786Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-01T16:35:20.228Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:48:49.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv"
          },
          {
            "name": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "canarytokens",
          "vendor": "thinkst",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c sha-c595a1f8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken\u0027s incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken\u0027s owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-06T21:15:02.404Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv"
        },
        {
          "name": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa"
        }
      ],
      "source": {
        "advisory": "GHSA-fqh6-v4qp-65fv",
        "discovery": "UNKNOWN"
      },
      "title": "CSV Injection in exported history CSV files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-28111",
    "datePublished": "2024-03-06T21:15:02.404Z",
    "dateReserved": "2024-03-04T14:19:14.059Z",
    "dateUpdated": "2024-08-02T00:48:49.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

