CVE-2024-43407

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSHi library was included as a vendor dependency in CKEditor 4 source files. In a specific scenario, an attacker could craft a malicious script that could be executed by sending a request to the GeSHi library hosted on a PHP web server. The GeSHi library is no longer actively maintained. Due to the lack of ongoing support and updates, potential security vulnerabilities have been identified with its continued use. To mitigate these risks and enhance the overall security of the CKEditor 4, we have decided to completely remove the GeSHi library as a dependency. This change aims to maintain a secure environment and reduce the risk of any security incidents related to outdated or unsupported software. The fix is be available in version 4.25.0-lts.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/ckeditor/ckeditor4/commit/71072c9f7f263329841bd38e7e5309074c82ef94	Patch
https://github.com/ckeditor/ckeditor4/commit/951e7d75fcbcaa2590b0719fb0bb0dd0539ca6fa	Patch
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7r32-vfj5-c2jv	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:lts:*:*:*

History

No history.

Information

Published : 2024-08-21 15:15

Updated : 2024-08-23 16:20

NVD link : CVE-2024-43407

Mitre link : CVE-2024-43407

CVE.ORG link : CVE-2024-43407

JSON object : View

Products Affected

ckeditor

ckeditor

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-43407", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-08-21T15:15:09.397", "references": [{"url": "https://github.com/ckeditor/ckeditor4/commit/71072c9f7f263329841bd38e7e5309074c82ef94", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ckeditor/ckeditor4/commit/951e7d75fcbcaa2590b0719fb0bb0dd0539ca6fa", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7r32-vfj5-c2jv", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSHi library was included as a vendor dependency in CKEditor 4 source files. In a specific scenario, an attacker could craft a malicious script that could be executed by sending a request to the GeSHi library hosted on a PHP web server. The GeSHi library is no longer actively maintained. Due to the lack of ongoing support and updates, potential security vulnerabilities have been identified with its continued use. To mitigate these risks and enhance the overall security of the CKEditor 4, we have decided to completely remove the GeSHi library as a dependency. This change aims to maintain a secure environment and reduce the risk of any security incidents related to outdated or unsupported software. The fix is be available in version 4.25.0-lts."}, {"lang": "es", "value": "CKEditor4 es un editor HTML de c\u00f3digo abierto de lo que ves es lo que obtienes. Se ha descubierto una vulnerabilidad potencial en el complemento GeSHi del fragmento de c\u00f3digo de CKEditor 4. La vulnerabilidad permiti\u00f3 un ataque XSS reflejado al explotar una falla en la librer\u00eda de resaltado de sintaxis GeSHi alojada por la v\u00edctima. La librer\u00eda GeSHi se incluy\u00f3 como dependencia del proveedor en los archivos fuente de CKEditor 4. En un escenario espec\u00edfico, un atacante podr\u00eda crear un script malicioso que podr\u00eda ejecutarse enviando una solicitud a la librer\u00eda GeSHi alojada en un servidor web PHP. La librer\u00eda GeSHi ya no se mantiene activamente. Debido a la falta de soporte y actualizaciones continuas, se han identificado posibles vulnerabilidades de seguridad con su uso continuo. Para mitigar estos riesgos y mejorar la seguridad general de CKEditor 4, hemos decidido eliminar por completo la librer\u00eda GeSHi como dependencia. Este cambio tiene como objetivo mantener un entorno seguro y reducir el riesgo de incidentes de seguridad relacionados con software desactualizado o sin soporte. La soluci\u00f3n estar\u00e1 disponible en la versi\u00f3n 4.25.0-lts."}], "lastModified": "2024-08-23T16:20:42.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "C4754AC3-7A7F-4BFA-BD12-066EE0C46FC3", "versionEndExcluding": "4.25.0", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}