exploitDog

CVE-2022-1231

Published: 15 Apr 2022
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 4.3
CVSS3: 6.1

Description

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 1.2020.2+ds-6 |
| esm-apps/bionic | released | 1:1.2017.15-1ubuntu0.1~esm1 |
| esm-apps/focal | released | 1:1.2018.13+ds-2ubuntu0.1~esm1 |
| esm-apps/jammy | released | 1:1.2020.2+ds-1ubuntu0.1 |
| esm-apps/noble | released | 1:1.2020.2+ds-3ubuntu1.1 |
| esm-apps/xenial | released | 8024-2ubuntu0.1~esm1 |
| focal | ignored | end of standard support, was needed |
| jammy | released | 1:1.2020.2+ds-1ubuntu0.1 |
| kinetic | ignored | end of life, was needs-triage |

EPSS: 0.00199 (Low), percentile: 42%

CVSS2: 4.3 Medium

CVSS3: 6.1 Medium

Related vulnerabilities

CVSS3: 6.1
nvd
almost 4 years ago

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).

CVSS3: 6.1
debian
almost 4 years ago

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantu ...

CVSS3: 6.1
github
almost 4 years ago

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).
