CyberCodex | CVE: CVE-2022-31175

CVE-2022-31175

Published at:

2022-08-03T19:15:08.017

Global infos:

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are `@ckeditor/ckeditor5-markdown-gfm`, `@ckeditor/ckeditor5-html-support`, and `@ckeditor/ckeditor5-html-embed`. The specific conditions are 1) Using one of the affected packages. In case of `ckeditor5-html-support` and `ckeditor5-html-embed`, additionally, it was required to use a configuration that allows unsafe markup inside the editor. 2) Destroying the editor instance and 3) Initializing the editor on an element and using an element other than `` as a base. The root cause of the issue was a mechanism responsible for updating the source element with the markup coming from the CKEditor 5 data pipeline after destroying the editor. This vulnerability might affect a small percent of integrators that depend on dynamic editor initialization/destroy and use Markdown, General HTML Support or HTML embed features. The problem has been recognized and patched. The fix is available in version 35.0.1. There are no known workarounds for this issue. </p> <p> CVE Status: Modified </p> <h4>References:</h4> <o> <li><a href="https://ckeditor.com/docs/ckeditor5/latest/features/general-html-support.html" target="_blank">security-advisories@github.com</a></li><li><a href="https://ckeditor.com/docs/ckeditor5/latest/features/html-embed.html" target="_blank">security-advisories@github.com</a></li><li><a href="https://ckeditor.com/docs/ckeditor5/latest/features/markdown.html" target="_blank">security-advisories@github.com</a></li><li><a href="https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j" target="_blank">security-advisories@github.com</a></li><li><a href="https://ckeditor.com/docs/ckeditor5/latest/features/general-html-support.html" target="_blank">af854a3a-2127-422b-91ae-364da2661108</a></li><li><a href="https://ckeditor.com/docs/ckeditor5/latest/features/html-embed.html" target="_blank">af854a3a-2127-422b-91ae-364da2661108</a></li><li><a href="https://ckeditor.com/docs/ckeditor5/latest/features/markdown.html" target="_blank">af854a3a-2127-422b-91ae-364da2661108</a></li><li><a href="https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j" target="_blank">af854a3a-2127-422b-91ae-364da2661108</a></li> </o> <h4>Metrics:</h4> <p> <table> <tr style='background: #98c5ff'><th><b>Attribute</b></th><th><b>Value</b></th></tr> <tr><td><b>Attack Complexity</b></td><td>HIGH</td></tr> <tr><td><b>Attack Vector</b></td><td>NETWORK</td></tr> <tr><td><b>Availability Impact</b></td><td>LOW</td></tr> <tr><td><b>Base Score</b></td><td>5.8</td></tr> <tr><td><b>Base Severity</b></td><td>MEDIUM</td></tr> <tr><td><b>Confidentiality Impact</b></td><td>LOW</td></tr> <tr><td><b>Integrity Impact</b></td><td>LOW</td></tr> <tr><td><b>Privileges Required</b></td><td>NONE</td></tr> <tr><td><b>Scope</b></td><td>CHANGED</td></tr> <tr><td><b>User Interaction</b></td><td>REQUIRED</td></tr> <tr><td><b>Vector String</b></td><td><a class='vectorlink' href=/cve/vector/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L</a></td></tr> <tr><td><b>Exploitability Score</b></td><td>1.6</td></tr> <tr><td><b>Impact Score</b></td><td>3.7</td></tr> <tr><td><b>Source</b></td><td>security-advisories@github.com</td></tr> <tr><td><b>Type</b></td><td>Secondary</td></tr> </table> </p> <h4>Links:</h4> <p> <a href="https://www.exploit-db.com/search?cve=CVE-2022-31175" target="_blank">Exploit-db</a><br> <a href="https://github.com/search?q=CVE-2022-31175&type=repositories" target="_blank">Github</a><br> </p> </div> </div> </div> <div class="side-bar col-md-4"> <div class="widget-search"> <form action="/cve" method="get" role="search" class="search-form relative"> <input type="search" id="search" class="search-field style-1" placeholder="Search..." value="" name="s" title="Search for" required=""> <button class="search search-submit" type="submit" title="Search"> <i class="icon-search"></i> </button> </form> </div> <div class="widget widget-categories"> <h5 class="title-widget"> Most recherched CVEs </h5> <ul> <li> <div class="cate-item"><a href="/cve?s=CVE-2021-44228">CVE-2021-44228</a></div> </li> <li> <div class="cate-item"><a href="/cve?s=CVE-2022-30190">CVE-2022-30190</a></div> </li> <li> <div class="cate-item"><a href="/cve?s=CVE-2022-22965">CVE-2022-22965</a></div> </li> <li> <div class="cate-item"><a href="/cve?s=CVE-2021-26855">CVE-2021-26855</a></div> </li> </ul> </div> <div class="widget widget-tag"> <h5 class="title-widget">Popular Keywords</h5> <ul class="flex flex-wrap"> <li><a href="/cve?s=javascript" class="box-widget-tag">JavaScript</a></li> <li><a href="/cve?s=log4j" class="box-widget-tag">Log4j</a></li> <li><a href="/cve?s=buffer-overflow" class="box-widget-tag">Buffer Overflow</a></li> <li><a href="/cve?s=rce" class="box-widget-tag">Remote Code Execution (RCE)</a></li> <li><a href="/cve?s=sql-injection" class="box-widget-tag">SQL Injection</a></li> <li><a href="/cve?s=xss" class="box-widget-tag">Cross-Site Scripting (XSS)</a></li> <li><a href="/cve?s=privilege-escalation" class="box-widget-tag">Privilege Escalation</a></li> <li><a href="/cve?s=deserialization" class="box-widget-tag">Insecure Deserialization</a></li> <li><a href="/cve?s=supply-chain" class="box-widget-tag">Supply Chain Attack</a></li> </ul> </div> </div> </div> </div> </div> <footer id="footer"> <div class="themesflat-container"> <div class="row"> <div class="col-12"> <div class="footer-content flex flex-grow"> <div class="widget-logo flex-grow"> <div class="logo-footer" id="logo-footer"> <a href="/"> <img id="logo_footer" src="/assets/CyberCodex.png" style="max-width: 300px;" data-retina="/assets/CyberCodex.png" alt="image"> </a> </div> </div> <div class="widget widget-menu style-1"> <h5 class="title-widget">Our content</h5> <ul> <li><a href="https://www.hackintheshell.org/" target="_blank">Hack In The Shell</a></li> <li><a href="https://www.alice-snow.ru" target="_blank">Personal Portfolio</a></li> </ul> </div> <div class="widget widget-menu style-2"> <h5 class="title-widget">Resource</h5> <ul> <li><a href="/submit">Submit Subject</a></li> <li><a href="/partners">Partners</a></li> <li><a href="/blog">Discover</a></li> </ul> </div> <div class="widget widget-menu style-3"> <h5 class="title-widget">Account</h5> <ul> <li><a href="/about#team">Our team</a></li> <li><a href="mailto:contact@cybercodex.dev">Join Us</a></li> </ul> </div> <div class="widget-last"> <div class="widget-menu style-4"> <h5 class="title-widget">CyberCodex</h5> <ul> <li><a href="/about#faq">Help center</a></li> <li><a href="/status">Platform status</a></li> </ul> </div> <h5 class="title-widget mt-30">Join the community</h5> <div class="widget-social"> <ul class="flex"> <li><a href="https://x.com/Sn0wAlice" target="_blank" class="icon-twitter"></a></li> <li><a href="https://discord.gg/NkGChB8dRJ" target="_blank" class="icon-vt"></a></li> </ul> </div> </div> </div> </div> </div> <div class="footer-bottom"> <p>© <script>document.write(new Date().getFullYear());</script> CyberCodex | Sn0wAlice Fundation - Made With ❤️</p> <ul class="flex"> <li> <a href="/legal/privacy">Privacy Policy</a> </li> <li> <a href="/legal/tos">Terms and Conditions</a> </li> </ul> </div> </div> </footer> </div>  </div>  <div class="tf-mouse tf-mouse-outer"></div> <div class="tf-mouse tf-mouse-inner"></div> <div class="progress-wrap active-progress"> <svg class="progress-circle svg-content" width="100%" height="100%" viewBox="-1 -1 102 102"> <path d="M50,1 a49,49 0 0,1 0,98 a49,49 0 0,1 0,-98" style="transition: stroke-dashoffset 10ms linear 0s; stroke-dasharray: 307.919, 307.919; stroke-dashoffset: 286.138;"> </path> </svg> </div>  <script src="/assets/js/jquery.min.js"></script> <script src="/assets/js/bootstrap.min.js"></script> <script src="/assets/js/swiper-bundle.min.js"></script> <script src="/assets/js/swiper.js"></script> <script src="/assets/js/simpleParallax.min.js"></script> <script src="/assets/js/gsap.js"></script> <script src="/assets/js/SplitText.js"></script> <script src="/assets/js/wow.min.js"></script> <script src="/assets/js/ScrollTrigger.js"></script> <script src="/assets/js/gsap-animation.js"></script> <script src="/assets/js/tsparticles.min.js"></script> <script src="/assets/js/tsparticles.js"></script> <script src="/assets/js/main.js"></script> </body> </html><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>