FKIE_CVE-2025-27155

Vulnerability from fkie_nvd - Published: 2025-03-04 17:15 - Updated: 2025-03-04 17:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconesim.
References
security-advisories@github.comhttps://github.com/matrix-org/pinecone/commit/218b2801995b174085cb1c8fafe2d3aa661f85bd
security-advisories@github.comhttps://github.com/matrix-org/pinecone/security/advisories/GHSA-fr62-mg2q-7wqv
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconesim."
    },
    {
      "lang": "es",
      "value": "Pinecone es un conjunto de protocolos de enrutamiento superpuestos experimentales que constituye la base de las demostraciones actuales de P2P Matrix. El simulador de Pinecone (pineconesim) incluido en Pinecone hasta el commit ea4c337 es vulnerable a cross site scripting almacenado. El almacenamiento del payload no es permanente y se borrar\u00e1 al reiniciar pineconesim."
    }
  ],
  "id": "CVE-2025-27155",
  "lastModified": "2025-03-04T17:15:18.833",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-04T17:15:18.833",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/matrix-org/pinecone/commit/218b2801995b174085cb1c8fafe2d3aa661f85bd"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/matrix-org/pinecone/security/advisories/GHSA-fr62-mg2q-7wqv"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        },
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.