GHSA-HRGX-7J6V-XJ82

Vulnerability from github – Published: 2022-01-12 21:55 – Updated: 2022-01-19 17:42
Summary
Reflected cross-site scripting (XSS) vulnerability
Details

This security advisory relates to a capability for an attacker to exploit a reflected cross-site scripting vulnerability when using the @keystone-6/auth package.

Impact

The vulnerability can impact users of the administration user interface when following an untrusted link to the signin or init page. This is a targeted attack: it may present itself in the form of phishing, and/or be chained with some other vulnerability.

Vulnerability mitigation

Please upgrade to @keystone-6/auth >= 1.0.2, where this vulnerability has been closed. If you are using @keystone-next/auth, we strongly recommend you upgrade to @keystone-6.

Workarounds

If for some reason you cannot upgrade the dependencies in your software, you could alternatively:

  • disable the administration user interface, or
  • if using a reverse-proxy, strip query parameters when accessing the administration interface
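One way to apply the reverse-proxy workaround above, as an added nginx configuration example that is not part of the advisory or of the Keystone project; it assumes Keystone listens on 127.0.0.1:3000 and that the admin UI signin and init pages are served at /signin and /init at the site root:

```nginx
upstream keystone {
    server 127.0.0.1:3000;   # assumed Keystone listen address
}

server {
    listen 80;                      # TLS termination omitted for brevity
    server_name admin.example.com;  # placeholder hostname

    # Workaround: never forward a query string to the signin/init pages.
    # $uri is the normalised request path with no query string, so passing it
    # explicitly to proxy_pass drops any ?param=... the client supplied before
    # the request reaches Keystone.
    location ~ ^/(signin|init)$ {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://keystone$uri;
    }

    # Everything else is proxied unchanged.
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://keystone;
    }
}
```

After reloading nginx, a request for /signin?anything=here arrives at Keystone as a plain /signin, which is the behaviour the workaround describes.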

References

https://owasp.org/www-community/attacks/xss/

Thanks to Shivansh Khari (@Shivansh-Khari) for discovering and reporting this vulnerability.


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@keystone-6/auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@keystone-next/auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "37.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-0087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-10T21:45:34Z",
    "nvd_published_at": "2022-01-12T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "This security advisory relates to a capability for an attacker to exploit a reflected cross-site scripting vulnerability when using the `@keystone-6/auth` package.\n\n#### Impact\nThe vulnerability can impact users of the administration user interface when following an untrusted link to the `signin` or `init` page.\nThis is a targeted attack and may present itself in the form of phishing and or chained in conjunction with some other vulnerability.\n\n## Vulnerability mitigation\nPlease upgrade to `@keystone-6/auth \u003e= 1.0.2`, where this vulnerability has been closed.\nIf you are using `@keystone-next/auth`,  we **strongly** recommend you upgrade to `@keystone-6`.\n\n### Workarounds\nIf for some reason you cannot upgrade the dependencies in software, you could alternatively\n\n- disable the administration user interface, or \n- if using a reverse-proxy, strip query parameters when accessing the administration interface\n\n### References\nhttps://owasp.org/www-community/attacks/xss/\n\nThanks to Shivansh Khari (@Shivansh-Khari) for discovering and reporting this vulnerability",
  "id": "GHSA-hrgx-7j6v-xj82",
  "modified": "2022-01-19T17:42:16Z",
  "published": "2022-01-12T21:55:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-hrgx-7j6v-xj82"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0087"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keystonejs/keystone/commit/96bf833a23b1a0a5d365cf394467a943cc481b38"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keystonejs/keystone"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/c9d7374f-2cb9-4bac-9c90-a965942f413e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Reflected cross-site scripting (XSS) vulnerability"
}

