GHSA-QM5V-PJ64-852J

Vulnerability from github – Published: 2024-05-20 17:09 – Updated: 2024-05-20 17:09
VLAI
Summary
Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab"
Details

Description

A user could create and share a resource with a malicious URI. When the victim opens with menu “Open URI in a new tab” function, the malicious page has access to the window.opener object.

Impact of issue

The newly opened malicious page can for example change the window.opener.location to redirect the user to a phishing page, or call a JavaScript function served by the AppJS on the user behalf for example to try to affect the integrity of the data.

Fix

The code that opens a new window via window.open(); now open the tab with the noopener attribute.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "passbolt/passbolt_api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-657"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-20T17:09:57Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Description\nA user could create and share a resource with a malicious URI. When the victim opens with menu \u201cOpen URI in a new tab\u201d function, the malicious page has access to the window.opener object.\n\n### Impact of issue\nThe newly opened malicious page can for example change the window.opener.location to redirect the user to a phishing page, or call a JavaScript function served by the AppJS on the user behalf for example to try to affect the integrity of the data.\n\n### Fix\nThe code that opens a new window via window.open(); now open the tab with the noopener attribute.",
  "id": "GHSA-qm5v-pj64-852j",
  "modified": "2024-05-20T17:09:57Z",
  "published": "2024-05-20T17:09:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/passbolt/passbolt_api/commit/f568e113beb3134446eda9e66400d28d726ee20d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/passbolt/passbolt_api/2019-08-07-3.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/passbolt/passbolt_api"
    },
    {
      "type": "WEB",
      "url": "https://www.passbolt.com/incidents/20190807_multiple_vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Passbolt Api Tabnabbing when opening URI with menu \"Open URI in a new tab\""
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…