CVE-2024-41953

{"id": "CVE-2024-41953", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-07-31T17:15:10.850", "references": [{"url": "https://github.com/zitadel/zitadel/commit/0e1f99e987b5851caec45a72660fe9f67e425747", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/commit/38da602ee1cfc35c0d7918c298fbfc3f3674133b", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/commit/4b59cac67bb89c1f3f84a2041dd273d11151d29f", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/commit/c1a3fc72dde16e987d8a09aa291e7c2edfc928f7", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/commit/c353f82f89c6982c0888c6763363296cf4263cb2", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/commit/d04ac6df8f2f0243e649b802a8bfa6176cef0923", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/commit/f846616a3f022e88e3ea8cea05d3254ad86f1615", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/releases/tag/v2.52.3", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/releases/tag/v2.53.9", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/releases/tag/v2.54.8", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/releases/tag/v2.55.5", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/releases/tag/v2.56.2", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/releases/tag/v2.57.1", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/releases/tag/v2.58.1", "source": "security-advisories@github.com"}, {"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-v333-7h2p-5fhv", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker, without privileges, could send out altered notifications that are part of the registration processes. An attacker could create a malicious link, where the injected code would be rendered as part of the email. On the user's detail page, the username was also not sanitized and would also render HTML, giving an attacker the same vulnerability. While it was possible to inject HTML including javascript, the execution of such scripts would be prevented by most email clients and the Content Security Policy in Console UI. This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8 2.53.9, and 2.52.3."}, {"lang": "es", "value": "Zitadel es un sistema de gesti\u00f3n de identidades de c\u00f3digo abierto. ZITADEL utiliza HTML para los correos electr\u00f3nicos y muestra cierta informaci\u00f3n, como los nombres de usuario, de forma din\u00e1mica. Esa informaci\u00f3n puede ser ingresada por usuarios o administradores. Debido a la falta de sanitizaci\u00f3n de la salida, estos correos electr\u00f3nicos podr\u00edan incluir c\u00f3digo malicioso. Esto puede generar potencialmente una amenaza en la que un atacante, sin privilegios, podr\u00eda enviar notificaciones alteradas que forman parte de los procesos de registro. Un atacante podr\u00eda crear un enlace malicioso, donde el c\u00f3digo inyectado se presentar\u00eda como parte del correo electr\u00f3nico. En la p\u00e1gina de detalles del usuario, el nombre de usuario tampoco estaba sanitizado y tambi\u00e9n representaba HTML, lo que le daba al atacante la misma vulnerabilidad. Si bien era posible inyectar HTML, incluido JavaScript, la mayor\u00eda de los clientes de correo electr\u00f3nico y la Pol\u00edtica de seguridad de contenido en la interfaz de usuario de la consola impedir\u00edan la ejecuci\u00f3n de dichos scripts. Esta vulnerabilidad se solucion\u00f3 en 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8 2.53.9 y 2.52.3."}], "lastModified": "2024-08-01T12:42:36.933", "sourceIdentifier": "security-advisories@github.com"}