CVE-2024-45613

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround, one may disable the block toolbar plugin.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1	Release Notes
https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ckeditor:ckeditor5:*:*:*:*:*:*:*:*

History

01 Oct 2024, 16:26

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.2~~	v2 : unknown v3 : 6.1
References	~~() https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1 -~~	() https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1 - Release Notes
References	~~() https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v -~~	() https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v - Third Party Advisory
CPE		cpe:2.3:a:ckeditor:ckeditor5::::::::
First Time		Ckeditor ckeditor5 Ckeditor

26 Sep 2024, 13:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-25 14:15

Updated : 2024-10-01 22:15

NVD link : CVE-2024-45613

Mitre link : CVE-2024-45613

CVE.ORG link : CVE-2024-45613

JSON object : View

Products Affected

ckeditor

ckeditor5

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-45613", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.1, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-25T14:15:05.303", "references": [{"url": "https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround, one may disable the block toolbar plugin."}, {"lang": "es", "value": "CKEditor 5 es un editor de texto enriquecido de JavaScript. A partir de la versi\u00f3n 40.0.0 y antes de la versi\u00f3n 43.1.1, existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el paquete de portapapeles de CKEditor 5. Esta vulnerabilidad podr\u00eda ser activada por una acci\u00f3n espec\u00edfica del usuario, lo que llevar\u00eda a la ejecuci\u00f3n no autorizada de c\u00f3digo JavaScript, si el atacante lograra insertar un contenido malicioso en el editor, lo que podr\u00eda suceder con una configuraci\u00f3n de editor muy espec\u00edfica. Esta vulnerabilidad solo afecta a las instalaciones donde est\u00e1 habilitado el complemento Block Toolbar y tambi\u00e9n est\u00e1 habilitado General HTML Support (con una configuraci\u00f3n que permite marcado no seguro) o el complemento HTML Embed. Hay una soluci\u00f3n para el problema disponible en la versi\u00f3n 43.1.1. Como workaround, se puede deshabilitar el complemento Block Toolbar."}], "lastModified": "2024-10-01T22:15:02.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ckeditor:ckeditor5:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39B7461E-12D2-4069-9B0A-365BF11B83AD", "versionEndExcluding": "43.1.1", "versionStartIncluding": "40.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}