{ "document": { "acknowledgments": [ { "names": [ "Damian Pfammatter" ], "organization": "Cyber-Defense Campus", "summary": "finding and reporting the vulnerability" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-US", "notes": [ { "category": "legal_disclaimer", "text": "As a content provider, BSI is responsible under general law for its own content distributed for use. However, it remains your responsibility to carefully check usage and/or implementation of information provided with the content.", "title": "Legal disclaimer" } ], "publisher": { "category": "coordinator", "name": "Bundesamt für Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "BSI-2022-0003 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0003.json" } ], "title": "Stored Cross-Site Scripting (XSS) Vulnerability in csaf_provider", "tracking": { "current_release_date": "2022-11-04T15:00:00.000Z", "generator": { "date": "2022-11-04T14:47:20.479Z", "engine": { "name": "Secvisogram", "version": "2.0.0" } }, "id": "BSI-2022-0003", "initial_release_date": "2022-11-04T15:00:00.000Z", "revision_history": [ { "date": "2022-11-04T15:00:00.000Z", "number": "1", "summary": "Initial version." } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "2.0.0", "product": { "name": "CSAF Tools csaf_provider 2.0.0", "product_id": "CSAFPID-0001" } }, { "category": "product_version", "name": "0.8.2", "product": { "name": "CSAF Tools csaf_provider 0.8.2", "product_id": "CSAFPID-0002" } }, { "category": "product_version", "name": "0.8.1", "product": { "name": "CSAF Tools csaf_provider 0.8.1", "product_id": "CSAFPID-0003" } }, { "category": "product_version", "name": "0.8.0", "product": { "name": "CSAF Tools csaf_provider 0.8.0", "product_id": "CSAFPID-0004" } }, { "category": "product_version", "name": "0.3.0", "product": { "name": "CSAF Tools csaf_provider 0.3.0", "product_id": "CSAFPID-0005" } }, { "category": "product_version", "name": "0.3.0-alpha", "product": { "name": "CSAF Tools csaf_provider 0.3.0-alpha", "product_id": "CSAFPID-0006" } }, { "category": "product_version", "name": "0.3.0-alpha2", "product": { "name": "CSAF Tools csaf_provider 0.3.0-alpha2", "product_id": "CSAFPID-0007" } }, { "category": "product_version", "name": "0.3.0-alpha3", "product": { "name": "CSAF Tools csaf_provider 0.3.0-alpha3", "product_id": "CSAFPID-0008" } }, { "category": "product_version", "name": "0.3.0-alpha4", "product": { "name": "CSAF Tools csaf_provider 0.3.0-alpha4", "product_id": "CSAFPID-0009" } }, { "category": "product_version", "name": "0.3.0-alpha5", "product": { "name": "CSAF Tools csaf_provider 0.3.0-alpha5", "product_id": "CSAFPID-0010" } }, { "category": "product_version", "name": "0.3.0-alpha6", "product": { "name": "CSAF Tools csaf_provider 0.3.0-alpha6", "product_id": "CSAFPID-0011" } }, { "category": "product_version", "name": "0.2.0", "product": { "name": "CSAF Tools csaf_provider 0.2.0", "product_id": "CSAFPID-0012" } }, { "category": "product_version", "name": "0.1.0-alpha.1", "product": { "name": "CSAF Tools csaf_provider 0.1.0-alpha.1", "product_id": "CSAFPID-0013" } } ], "category": "product_name", "name": "csaf_provider" } ], "category": "vendor", "name": "CSAF POC" } ], "product_groups": [ { "group_id": "CSAFGID-0001", "product_ids": [ "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-0010", "CSAFPID-0011", "CSAFPID-0012", "CSAFPID-0013" ], "summary": "Affected product versions" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-43996", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "discovery_date": "2022-05-17T10:00:00.000Z", "notes": [ { "category": "summary", "text": "The endpoint “upload” allows valid CSAF advisories (JSON format) to be uploaded with Content-Type “text/html” and filenames ending in “.html”. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain malicious JavaScript code, that will execute within the browser-context of users inspecting the advisory.", "title": "Vulnerability summary" } ], "product_status": { "first_fixed": [ "CSAFPID-0002" ], "fixed": [ "CSAFPID-0001" ], "known_affected": [ "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-0010", "CSAFPID-0011", "CSAFPID-0012", "CSAFPID-0013" ], "recommended": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update to the latest version, at least version 0.8.2.", "group_ids": [ "CSAFGID-0001" ], "restart_required": { "category": "none", "details": "The binary can be replaced without a need to restart any service. However, be aware of API changes between the versions." }, "url": "https://github.com/csaf-poc/csaf_distribution/releases/latest" }, { "category": "mitigation", "details": "Ensure that no CSAF advisories containing JavaScript code are uploaded, e.g. by organizational measures. ", "group_ids": [ "CSAFGID-0001" ], "restart_required": { "category": "none" } } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:L/E:F/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-0010", "CSAFPID-0011", "CSAFPID-0012", "CSAFPID-0013" ] } ], "title": "Stored Cross-Site-Scripting" } ] }