CVE-2022-25224 (GCVE-0-2022-25224)

Vulnerability from cvelistv5 – Published: 2022-05-20 11:04 – Updated: 2024-08-03 04:36
VLAI?
Summary
Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.
Severity ?
No CVSS data available.
CWE
  • XSS to RCE
Assigner
References
Impacted products
Vendor Product Version
n/a Proton Affected: 0.2.0
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:36:06.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://fluidattacks.com/advisories/lennon/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Proton",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XSS to RCE",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-20T11:04:12.000Z",
        "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
        "shortName": "Fluid Attacks"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://fluidattacks.com/advisories/lennon/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "help@fluidattacks.com",
          "ID": "CVE-2022-25224",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Proton",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "0.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XSS to RCE"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fluidattacks.com/advisories/lennon/",
              "refsource": "MISC",
              "url": "https://fluidattacks.com/advisories/lennon/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
    "assignerShortName": "Fluid Attacks",
    "cveId": "CVE-2022-25224",
    "datePublished": "2022-05-20T11:04:12.000Z",
    "dateReserved": "2022-02-15T00:00:00.000Z",
    "dateUpdated": "2024-08-03T04:36:06.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-25224",
      "date": "2026-04-25",
      "epss": "0.00337",
      "percentile": "0.56552"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:proton_project:proton:0.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AF0DFCA-0F88-437E-8E07-F223ED15C4B8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands.\"}, {\"lang\": \"es\", \"value\": \"Proton versi\\u00f3n v0.2.0, permite a un atacante crear un enlace malicioso dentro de un archivo markdown. Cuando la v\\u00edctima hace clic en el enlace, la aplicaci\\u00f3n abre el sitio en el marco actual permitiendo a un atacante alojar c\\u00f3digo JavaScript en el enlace malicioso para desencadenar un ataque de tipo XSS. La configuraci\\u00f3n \\\"nodeIntegration\\\" est\\u00e1 habilitada, lo que permite a la p\\u00e1gina web usar las caracter\\u00edsticas de \\\"NodeJs\\\", un atacante puede aprovechar esto para ejecutar comandos del Sistema Operativo\"}]",
      "id": "CVE-2022-25224",
      "lastModified": "2024-11-21T06:51:50.187",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-05-20T12:15:10.883",
      "references": "[{\"url\": \"https://fluidattacks.com/advisories/lennon/\", \"source\": \"help@fluidattacks.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://fluidattacks.com/advisories/lennon/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "help@fluidattacks.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-25224\",\"sourceIdentifier\":\"help@fluidattacks.com\",\"published\":\"2022-05-20T12:15:10.883\",\"lastModified\":\"2024-11-21T06:51:50.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands.\"},{\"lang\":\"es\",\"value\":\"Proton versi\u00f3n v0.2.0, permite a un atacante crear un enlace malicioso dentro de un archivo markdown. Cuando la v\u00edctima hace clic en el enlace, la aplicaci\u00f3n abre el sitio en el marco actual permitiendo a un atacante alojar c\u00f3digo JavaScript en el enlace malicioso para desencadenar un ataque de tipo XSS. La configuraci\u00f3n \\\"nodeIntegration\\\" est\u00e1 habilitada, lo que permite a la p\u00e1gina web usar las caracter\u00edsticas de \\\"NodeJs\\\", un atacante puede aprovechar esto para ejecutar comandos del Sistema Operativo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:proton_project:proton:0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AF0DFCA-0F88-437E-8E07-F223ED15C4B8\"}]}]}],\"references\":[{\"url\":\"https://fluidattacks.com/advisories/lennon/\",\"source\":\"help@fluidattacks.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://fluidattacks.com/advisories/lennon/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.