PT-2022-25670 · Mitre · Mitre Caldera · L50
Published: 2022-10-17 · Updated: 2022-10-19
CVE-2022-41139
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions: MITRE CALDERA version 4.1.0
Description
The issue allows stored XSS via the app.contact.gist field, also known as the gist contact configuration field, leading to the execution of arbitrary commands on agents.

Recommendations
For MITRE CALDERA version 4.1.0, consider disabling the app.contact.gist field until a patch is available to prevent the execution of arbitrary commands on agents. Restrict access to this field to minimize the risk of exploitation.

Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products: Mitre Caldera