CVE-2023-49781 - Vulnerability Details - OpenCVE

NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag <a> with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged. This vulnerability is fixed in 0.202.9.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nocodb	Nocodb

No data.

No data.

References

Link	Providers
https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574
https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-05-13T18:54:54.196Z

Updated: 2024-08-02T22:01:25.824Z

Reserved: 2023-11-30T13:39:50.861Z

Link: CVE-2023-49781

Vulnrichment

Updated: 2024-08-02T22:01:25.824Z

NVD

Status : Awaiting Analysis

Published: 2024-05-14T14:06:05.637

Modified: 2024-11-21T08:33:50.010

Link: CVE-2023-49781

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49781", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-30T13:39:50.861Z", "datePublished": "2024-05-13T18:54:54.196Z", "dateUpdated": "2024-08-02T22:01:25.824Z"}, "containers": {"cna": {"title": "NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h"}, {"name": "https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574", "tags": ["x_refsource_MISC"], "url": "https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574"}], "affected": [{"vendor": "nocodb", "product": "nocodb", "versions": [{"version": "< 0.202.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-13T18:54:54.196Z"}, "descriptions": [{"lang": "en", "value": "NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of \"urls\" whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag <a> with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged. This vulnerability is fixed in 0.202.9.\n"}], "source": {"advisory": "GHSA-h6r4-xvw6-jc5h", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49781", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T19:49:05.633322Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*"], "vendor": "nocodb", "product": "nocodb", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:27:51.204Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:25.824Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h"}, {"name": "https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h", "name": "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574", "name": "https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:25.824Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49781", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T19:49:05.633322Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*"], "vendor": "nocodb", "product": "nocodb", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-13T19:49:58.658Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue", "source": {"advisory": "GHSA-h6r4-xvw6-jc5h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "nocodb", "product": "nocodb", "versions": [{"status": "affected", "version": "< 0.202.9"}]}], "references": [{"url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h", "name": "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574", "name": "https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of \"urls\" whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag <a> with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged. This vulnerability is fixed in 0.202.9.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-13T18:54:54.196Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49781", "state": "PUBLISHED", "dateUpdated": "2024-08-02T22:01:25.824Z", "dateReserved": "2023-11-30T13:39:50.861Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-13T18:54:54.196Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of \"urls\" whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag <a> with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged. This vulnerability is fixed in 0.202.9.\n"}, {"lang": "es", "value": "NocoDB es un software para crear bases de datos como hojas de c\u00e1lculo. Antes de 0.202.9, exist\u00eda una vulnerabilidad de Cross Site Scripting almacenado dentro de la funcionalidad de comentarios de celda virtual de F\u00f3rmula. El nc-gui/components/virtual-cell/Formula.vue muestra una etiqueta v-html con el valor de \"urls\" cuyo contenido es procesado por la funci\u00f3n replaceUrlsWithLink(). Esta funci\u00f3n reconoce el patr\u00f3n URI::(XXX) y crea una etiqueta de hiperv\u00ednculo <a rel=\"nofollow\"> con href=XXX. Sin embargo, deja todos los dem\u00e1s contenidos fuera del patr\u00f3n URI::(XXX) sin cambios. Esta vulnerabilidad est\u00e1 solucionada en 0.202.9.</a>"}], "id": "CVE-2023-49781", "lastModified": "2024-11-21T08:33:50.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-14T14:06:05.637", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574"}, {"source": "security-advisories@github.com", "url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}