CVE-2021-39175

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/hedgedoc/hedgedoc/pull/1369	Patch Third Party Advisory
https://github.com/hedgedoc/hedgedoc/pull/1375	Patch Third Party Advisory
https://github.com/hedgedoc/hedgedoc/pull/1513	Patch Third Party Advisory
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hedgedoc:hedgedoc:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-30 21:15

Updated : 2022-10-25 18:01

NVD link : CVE-2021-39175

Mitre link : CVE-2021-39175

CVE.ORG link : CVE-2021-39175

JSON object : View

Products Affected

hedgedoc

hedgedoc

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-346

Origin Validation Error

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2021-39175", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2021-08-30T21:15:09.523", "references": [{"url": "https://github.com/hedgedoc/hedgedoc/pull/1369", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/hedgedoc/hedgedoc/pull/1375", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/hedgedoc/hedgedoc/pull/1513", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-346"}, {"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading."}, {"lang": "es", "value": "HedgeDoc es una plataforma para escribir y compartir markdown. En versiones anteriores a1.9.0, un atacante no autenticado puede inyectar JavaScript arbitrario en las notas de los oradores de la funci\u00f3n de modo de diapositivas al insertar un iframe que aloje el c\u00f3digo malicioso en las diapositivas o al insertar la instancia de HedgeDoc en otra p\u00e1gina. El problema est\u00e1 parcheado en versi\u00f3n 1.9.0. No se conocen soluciones aparte de la actualizaci\u00f3n."}], "lastModified": "2022-10-25T18:01:11.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hedgedoc:hedgedoc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81394535-06A5-4A99-A7B6-8A7DB22B56C5", "versionEndExcluding": "1.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}