Search

Find a vulnerability

Search criteria

    2 vulnerabilities by komari-monitor

    CVE-2025-55300 (GCVE-0-2025-55300)

    Vulnerability from nvd – Published: 2025-08-18 17:41 – Updated: 2025-08-18 17:52
    VLAI
    Title
    Komari Allows Cross-site WebSocket Hijacking
    Summary
    Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Any third party website can send requests to the terminal websocket endpoint with browser's cookies, resulting in remote code execution. This vulnerability is fixed in 1.0.4-fix1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    komari-monitor komari Affected: < 1.0.4-fix1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55300",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-18T17:51:59.661046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-18T17:52:19.481Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "komari",
              "vendor": "komari-monitor",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.4-fix1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Any third party website can send requests to the terminal websocket endpoint with browser\u0027s cookies, resulting in remote code execution. This vulnerability is fixed in 1.0.4-fix1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T17:41:37.372Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h"
            },
            {
              "name": "https://github.com/komari-monitor/komari/commit/d31d12e59febce100ab0285b93338f09aa5d6cb1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/komari-monitor/komari/commit/d31d12e59febce100ab0285b93338f09aa5d6cb1"
            }
          ],
          "source": {
            "advisory": "GHSA-q355-h244-969h",
            "discovery": "UNKNOWN"
          },
          "title": "Komari Allows Cross-site WebSocket Hijacking"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-55300",
        "datePublished": "2025-08-18T17:41:37.372Z",
        "dateReserved": "2025-08-12T16:15:30.238Z",
        "dateUpdated": "2025-08-18T17:52:19.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55300 (GCVE-0-2025-55300)

    Vulnerability from cvelistv5 – Published: 2025-08-18 17:41 – Updated: 2025-08-18 17:52
    VLAI
    Title
    Komari Allows Cross-site WebSocket Hijacking
    Summary
    Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Any third party website can send requests to the terminal websocket endpoint with browser's cookies, resulting in remote code execution. This vulnerability is fixed in 1.0.4-fix1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    komari-monitor komari Affected: < 1.0.4-fix1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55300",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-18T17:51:59.661046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-18T17:52:19.481Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "komari",
              "vendor": "komari-monitor",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.4-fix1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Any third party website can send requests to the terminal websocket endpoint with browser\u0027s cookies, resulting in remote code execution. This vulnerability is fixed in 1.0.4-fix1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T17:41:37.372Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h"
            },
            {
              "name": "https://github.com/komari-monitor/komari/commit/d31d12e59febce100ab0285b93338f09aa5d6cb1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/komari-monitor/komari/commit/d31d12e59febce100ab0285b93338f09aa5d6cb1"
            }
          ],
          "source": {
            "advisory": "GHSA-q355-h244-969h",
            "discovery": "UNKNOWN"
          },
          "title": "Komari Allows Cross-site WebSocket Hijacking"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-55300",
        "datePublished": "2025-08-18T17:41:37.372Z",
        "dateReserved": "2025-08-12T16:15:30.238Z",
        "dateUpdated": "2025-08-18T17:52:19.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }