CVE-2024-41676 - Vulnerability Details - OpenCVE

Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases. But because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openmage	Magento

Configuration 1 [-]

cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:*

No data.

References

Link	Providers
https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2

History

Fri, 23 Aug 2024 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Openmage Openmage magento
CPEs		cpe:2.3:a:openmage:magento:::::lts:::*
Vendors & Products		Openmage Openmage magento

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-29T14:46:26.806Z

Updated: 2024-08-02T04:46:52.910Z

Reserved: 2024-07-18T15:21:47.486Z

Link: CVE-2024-41676

Vulnrichment

Updated: 2024-08-02T04:46:52.910Z

NVD

Status : Modified

Published: 2024-07-29T15:15:16.040

Modified: 2024-11-21T09:32:57.240

Link: CVE-2024-41676

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41676", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-18T15:21:47.486Z", "datePublished": "2024-07-29T14:46:26.806Z", "dateUpdated": "2024-08-02T04:46:52.910Z"}, "containers": {"cna": {"title": "Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2"}, {"name": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948"}], "affected": [{"vendor": "OpenMage", "product": "magento-lts", "versions": [{"version": "< 20.10.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-29T14:46:26.806Z"}, "descriptions": [{"lang": "en", "value": "Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases.\nBut because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher."}], "source": {"advisory": "GHSA-5vrp-638w-p8m2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-29T15:41:02.179288Z", "id": "CVE-2024-41676", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T15:41:08.994Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.910Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2"}, {"name": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2", "name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948", "name": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.910Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41676", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-29T15:41:02.179288Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T15:41:06.130Z"}}], "cna": {"title": "Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs", "source": {"advisory": "GHSA-5vrp-638w-p8m2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OpenMage", "product": "magento-lts", "versions": [{"status": "affected", "version": "< 20.10.1"}]}], "references": [{"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2", "name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948", "name": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases.\nBut because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-29T14:46:26.806Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41676", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:46:52.910Z", "dateReserved": "2024-07-18T15:21:47.486Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-29T14:46:26.806Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:*", "matchCriteriaId": "574AE399-A76D-4A0D-964E-0C0F6D5567E6", "versionEndExcluding": "20.10.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases.\nBut because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher."}, {"lang": "es", "value": "Magento-lts es una alternativa de soporte a largo plazo a Magento Community Edition (CE). Esta vulnerabilidad de XSS afecta las configuraciones del sistema design/header/welcome, design/header/logo_src, design/header/logo_src_small y design/header/logo_alt. Su objetivo es permitir a los administradores establecer un texto en los dos casos y definir una URL de imagen para los otros dos casos. Pero debido a que anteriormente faltaba el escape, se permit\u00eda ingresar HTML arbitrario y, como consecuencia, tambi\u00e9n JavaScript arbitrario. El problema se solucion\u00f3 con la versi\u00f3n 20.10.1 o superior."}], "id": "CVE-2024-41676", "lastModified": "2024-11-21T09:32:57.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T15:15:16.040", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}