CVE-2022-46181

{"id": "CVE-2022-46181", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-12-29T19:15:08.810", "references": [{"url": "https://github.com/gotify/server/pull/534", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/gotify/server/pull/535", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/gotify/server/pull/534", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/gotify/server/pull/535", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take over the account of the user that clicked the link. The Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a context outside of Gotify. The vulnerability has been fixed in version 2.2.2. As a workaround, you can block access to non image files via a reverse proxy in the `./image` directory."}, {"lang": "es", "value": "El servidor Gotify es un servidor simple para enviar y recibir mensajes en tiempo real por WebSocket. Las versiones anteriores a la 2.2.2 contienen una vulnerabilidad XSS que permite a los usuarios autenticados cargar archivos .html. Un atacante podr\u00eda ejecutar scripts del lado del cliente **si** otro usuario abriera un enlace. El atacante podr\u00eda potencialmente hacerse cargo de la cuenta del usuario que hizo clic en el enlace. La interfaz de usuario de Gotify no expondr\u00e1 de forma nativa un enlace malicioso, por lo que un atacante debe lograr que el usuario abra el enlace malicioso en un contexto fuera de Gotify. La vulnerabilidad se ha solucionado en la versi\u00f3n 2.2.2. Como workaround, puede bloquear el acceso a archivos que no sean de im\u00e1genes a trav\u00e9s de un proxy inverso en el directorio `./image`."}], "lastModified": "2024-11-21T07:30:16.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gotify:server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37AC8598-D2C6-407B-BBE1-3D9849FB2628", "versionEndExcluding": "2.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}