CVE-2024-27087 - Vulnerability Details - OpenCVE

Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Getkirby	Kirby

Configuration 1 [-]

cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437
https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4

History

Tue, 31 Dec 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Getkirby Getkirby kirby
CPEs		cpe:2.3:a:getkirby:kirby::::::::
Vendors & Products		Getkirby Getkirby kirby

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-26T16:44:31.105Z

Updated: 2024-08-02T00:27:57.813Z

Reserved: 2024-02-19T14:43:05.992Z

Link: CVE-2024-27087

Vulnrichment

Updated: 2024-08-02T00:27:57.813Z

NVD

Status : Analyzed

Published: 2024-02-26T17:15:10.783

Modified: 2024-12-31T15:34:15.493

Link: CVE-2024-27087

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27087", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-19T14:43:05.992Z", "datePublished": "2024-02-26T16:44:31.105Z", "dateUpdated": "2024-08-02T00:27:57.813Z"}, "containers": {"cna": {"title": "Kirby cross-site scripting (XSS) in the link field \"Custom\" type", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4"}, {"name": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437", "tags": ["x_refsource_MISC"], "url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437"}], "affected": [{"vendor": "getkirby", "product": "kirby", "versions": [{"version": ">= 4.0.0, < 4.1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-26T16:44:31.105Z"}, "descriptions": [{"lang": "en", "value": "Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a \"Custom\" link type for advanced use cases that don't fit any of the pre-defined link formats. As the \"Custom\" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.\n\n"}], "source": {"advisory": "GHSA-63h4-w25c-3qv4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27087", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-26T19:25:25.604500Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:00.531Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:57.813Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4"}, {"name": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4", "name": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437", "name": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:57.813Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27087", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-26T19:25:25.604500Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.870Z"}}], "cna": {"title": "Kirby cross-site scripting (XSS) in the link field \"Custom\" type", "source": {"advisory": "GHSA-63h4-w25c-3qv4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "getkirby", "product": "kirby", "versions": [{"status": "affected", "version": ">= 4.0.0, < 4.1.1"}]}], "references": [{"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4", "name": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437", "name": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a \"Custom\" link type for advanced use cases that don't fit any of the pre-defined link formats. As the \"Custom\" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.\n\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-26T16:44:31.105Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27087", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:27:57.813Z", "dateReserved": "2024-02-19T14:43:05.992Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-02-26T16:44:31.105Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*", "matchCriteriaId": "E14BEE12-BE86-4527-9BCA-194ACE2C2050", "versionEndExcluding": "4.1.1", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a \"Custom\" link type for advanced use cases that don't fit any of the pre-defined link formats. As the \"Custom\" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.\n\n"}, {"lang": "es", "value": "Kirby es un sistema de gesti\u00f3n de contenidos. El nuevo campo de enlace introducido en Kirby 4 permite varios tipos de enlaces diferentes, cada uno de los cuales valida el enlace ingresado en el formato de URL correspondiente. Tambi\u00e9n incluye un tipo de enlace \"Personalizado\" para casos de uso avanzados que no se ajustan a ninguno de los formatos de enlace predefinidos. Como el tipo de enlace \"Personalizado\" pretende ser flexible, tambi\u00e9n permite el esquema de URL javascript:. En algunos casos de uso, esto puede ser intencionado, pero los atacantes tambi\u00e9n pueden utilizarlo indebidamente para ejecutar c\u00f3digo JavaScript arbitrario cuando un usuario o visitante hace clic en un enlace que se genera a partir del contenido del campo de enlace. Esta vulnerabilidad est\u00e1 parcheada en 4.1.1."}], "id": "CVE-2024-27087", "lastModified": "2024-12-31T15:34:15.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-26T17:15:10.783", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}