GSD-2018-1000855
Vulnerability from gsd - Updated: 2018-11-09 00:00Details
When passing an invalid check name as parameter to the endpoint where
the easymon routes are mounted, a 406 response with a body that contains the invalid
check name unescaped is returned. Malicious JavaScript can be injected into that
invalid name and have it executed in Firefox
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1000855",
"description": "easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Can be used to steal cookies, depending on the cookie settings.. This attack appear to be exploitable via The victim must click on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later.",
"id": "GSD-2018-1000855"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "easymon",
"purl": "pkg:gem/easymon"
}
}
],
"aliases": [
"CVE-2018-1000855",
"GHSA-c289-47qf-rvrr"
],
"details": "When passing an invalid check name as parameter to the endpoint where\nthe easymon routes are mounted, a 406 response with a body that contains the invalid\ncheck name unescaped is returned. Malicious JavaScript can be injected into that\ninvalid name and have it executed in Firefox\n",
"id": "GSD-2018-1000855",
"modified": "2018-11-09T00:00:00.000Z",
"published": "2018-11-09T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/basecamp/easymon/issues/26"
},
{
"type": "WEB",
"url": "https://github.com/basecamp/easymon/pull/25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 6.1,
"type": "CVSS_V3"
}
],
"summary": "Reflected XSS in Firefox in check endpoint"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-12-05T14:18:48.093768",
"DATE_REQUESTED": "2018-11-19T08:38:18",
"ID": "CVE-2018-1000855",
"REQUESTER": "rosa@basecamp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Can be used to steal cookies, depending on the cookie settings.. This attack appear to be exploitable via The victim must click on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/basecamp/easymon/pull/25",
"refsource": "MISC",
"url": "https://github.com/basecamp/easymon/pull/25"
},
{
"name": "https://github.com/basecamp/easymon/issues/26",
"refsource": "MISC",
"url": "https://github.com/basecamp/easymon/issues/26"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2018-1000855",
"cvss_v3": 6.1,
"date": "2018-11-09",
"description": "When passing an invalid check name as parameter to the endpoint where\nthe easymon routes are mounted, a 406 response with a body that contains the invalid\ncheck name unescaped is returned. Malicious JavaScript can be injected into that\ninvalid name and have it executed in Firefox\n",
"gem": "easymon",
"ghsa": "c289-47qf-rvrr",
"patched_versions": [
"\u003e= 1.4.1"
],
"related": {
"url": [
"https://github.com/basecamp/easymon/pull/25"
]
},
"title": "Reflected XSS in Firefox in check endpoint",
"url": "https://github.com/basecamp/easymon/issues/26"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=1.4",
"affected_versions": "All versions up to 1.4",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2019-10-30",
"description": "The package easymon contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. This can be used to steal cookies, depending on the cookie settings. The victim must click on a crafted URL that contains the XSS payload.",
"fixed_versions": [
"1.4.1"
],
"identifier": "CVE-2018-1000855",
"identifiers": [
"CVE-2018-1000855"
],
"not_impacted": "All versions after 1.4",
"package_slug": "gem/easymon",
"pubdate": "2018-12-20",
"solution": "Upgrade to version 1.4.1 or above.",
"title": "Cross-site Scripting",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-1000855"
],
"uuid": "eafc80c9-3d71-41aa-9e81-ac656a3bfec3"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:basecamp:easymon:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1000855"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Can be used to steal cookies, depending on the cookie settings.. This attack appear to be exploitable via The victim must click on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/basecamp/easymon/pull/25",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/basecamp/easymon/pull/25"
},
{
"name": "https://github.com/basecamp/easymon/issues/26",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/basecamp/easymon/issues/26"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2019-10-30T18:22Z",
"publishedDate": "2018-12-20T17:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…