CVE-2024-38527

ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c
https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-26 20:15

Updated : 2024-06-27 12:47

NVD link : CVE-2024-38527

Mitre link : CVE-2024-38527

CVE.ORG link : CVE-2024-38527

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-38527", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.2}]}, "published": "2024-06-26T20:15:16.020", "references": [{"url": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c", "source": "security-advisories@github.com"}, {"url": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,"}, {"lang": "es", "value": "ZenUML es una herramienta de diagramaci\u00f3n basada en JavaScript que no requiere servidor y utiliza definiciones de texto inspiradas en Markdown y un renderizador para crear y modificar diagramas de secuencia. Los comentarios basados en Markdown en la sintaxis del diagrama ZenUML son susceptibles a Cross-site Scripting (XSS). La funci\u00f3n de comentarios permite al usuario adjuntar peque\u00f1as notas como referencia. Esta funci\u00f3n permite al usuario ingresar su comentario en un comentario de markdown, lo que le permite utilizar funciones de markdown comunes, como `**` para texto en negrita. Sin embargo, el texto de markdown actualmente no se sanitiza antes de renderizarlo, lo que permite a un atacante ingresar un payload malicioso para el comentario que conduce a XSS. Esto pone a las aplicaciones existentes que usan ZenUML sin sandbox en riesgo de ejecuci\u00f3n arbitraria de JavaScript al representar diagramas controlados por el usuario. Esta vulnerabilidad fue parcheada en la versi\u00f3n 3.23.25,"}], "lastModified": "2024-06-27T12:47:19.847", "sourceIdentifier": "security-advisories@github.com"}