GHSA-f36p-42jv-8rh2: Lithium vulnerable to Cross Site Scripting in provided Swagger-UI
Impact
An XSS vulnerability in the bundled (outdated) Swagger-UI is exploitable in applications that use lithium with Swagger-UI enabled. It allows an attacker to execute arbitrary JavaScript in the context of the victim's Swagger-UI session (the advisory describes this as Remote Code Execution, RCE) and potentially exfiltrate secrets accessible to that session. As the CVSS vector below records (UI:R), a victim has to open an attacker-supplied link to the Swagger-UI for the attack to succeed.
Patches
The bundled Swagger-UI was updated by switching to the latest version of dropwizard-swagger in commit 8b9b406d608fe482ec0e7adf8705834bca92d7df, released as lithium 3.4.2.
Workarounds
Until the update is deployed, the risk of injected external content can be reduced by serving the Swagger-UI with a Content-Security-Policy header that restricts script and connection sources to the application's own origin. This is defence in depth only and does not remove the XSS; disabling Swagger-UI in deployments that do not need it removes the exposed component entirely.
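One way to apply this workaround in a Dropwizard-based lithium application, as an added example that is not code from the lithium project or the advisory: a servlet filter that sets a Content-Security-Policy header on Swagger-UI responses, plus a helper that registers it on the Swagger-UI path from the application's run method. The class name `CspFilter`, the `/swagger/*` URL pattern, the Dropwizard 2.x package names (`io.dropwizard.setup.Environment`, `javax.servlet`) and the individual policy directives are assumptions; in particular, the `style-src 'unsafe-inline'` allowance and the absence of any inline-script allowance must be checked against the Swagger-UI pages your build actually serves.

```java
import java.io.IOException;
import java.util.EnumSet;

import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import io.dropwizard.setup.Environment; // assumption: Dropwizard 2.x package layout

/**
 * Hypothetical filter (not part of lithium): sets a restrictive
 * Content-Security-Policy on every response it sees, intended for the
 * Swagger-UI path only.
 */
public final class CspFilter implements Filter {

    /**
     * Scripts and API calls may only come from the application's own origin,
     * so an attacker-controlled external spec or script cannot be loaded and
     * injected script cannot exfiltrate data to another host via fetch/XHR.
     * Inline styles are allowed because Swagger-UI injects them (assumption:
     * verify against the bundled UI); inline scripts are deliberately blocked.
     */
    static final String POLICY = String.join("; ",
            "default-src 'self'",
            "script-src 'self'",
            "style-src 'self' 'unsafe-inline'",
            "img-src 'self' data:",
            "connect-src 'self'",
            "object-src 'none'",
            "base-uri 'self'",
            "frame-ancestors 'none'");

    @Override
    public void init(FilterConfig filterConfig) {
        // nothing to initialise
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            // Set the header before the downstream handler commits the response.
            ((HttpServletResponse) response).setHeader("Content-Security-Policy", POLICY);
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // nothing to release
    }

    /**
     * Registers the filter for the given URL pattern. Call this from
     * Application#run(configuration, environment); the pattern "/swagger/*"
     * is an assumption and must match the path dropwizard-swagger serves
     * the UI from in your configuration.
     */
    public static void register(Environment environment, String swaggerUrlPattern) {
        environment.servlets()
                .addFilter("csp", new CspFilter())
                .addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, swaggerUrlPattern);
    }
}
```

Register it with `CspFilter.register(environment, "/swagger/*")` inside `run()`, then confirm the header is present with a HEAD request against the Swagger-UI path (for example `curl -sI` and grep for `content-security-policy`). If the bundled Swagger-UI index page bootstraps itself with an inline script, `script-src 'self'` will break it; add a per-response nonce for that script rather than `'unsafe-inline'`, since allowing inline script would defeat the purpose of the policy.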
References
- https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/
Credits
We thank Mohit Kumar for reporting this vulnerability!
Package: com.wire:lithium (Maven)
Affected versions: < 3.4.2
Patched versions: 3.4.2
References
- GHSA-f36p-42jv-8rh2
- wireapp/lithium@8b9b406
Published by comawill (maintainer security advisory) on Sep 27, 2022
Severity: High (8.1 / 10)
CVSS base metrics
- Attack vector: Network
- Attack complexity: Low
- Privileges required: None
- User interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: None
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Weaknesses: CWE-79
CVE ID: No known CVE
GHSA ID: GHSA-f36p-42jv-8rh2
Source code: wireapp/lithium