PT-2023-18527 · Unknown · Canarytokens

Azh-R · Published 2023-01-06 · Updated 2023-01-12

CVE-2023-22475
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Canarytokens versions prior to sha-fb61290
Description: A cross-site scripting issue was identified in the history page of triggered Canarytokens. An attacker who discovers an HTTP-based Canarytoken can execute JavaScript in the Canarytoken's trigger history page when that page is later visited by the Canarytoken's creator. This could be used to disable or delete the affected Canarytoken, view its activation history, or reveal more information about the Canarytoken's creator, such as their email address. The attacker could also redirect the creator towards an attacker-controlled Canarytoken to learn the creator's network location.
Recommendations: For versions prior to sha-fb61290, update to Canarytokens Docker images sha-fb61290 or later, which contain a patch for this issue. As a temporary workaround, consider restricting access to the history page of triggered Canarytokens until the patch is applied.
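The bug class behind this advisory is a stored XSS sink: data captured from the triggering HTTP request is later rendered into a page the token's creator views. The following is an added illustration, not Canarytokens' own code, and it assumes (hypothetically) that the history page shows per-hit metadata such as the requester's User-Agent and Referer headers; the advisory does not state which field was affected. It places an unescaped renderer beside an escaped one and includes a small regression check a defender could run over rendered history pages in a test suite.

```python
"""Added illustration of the history-page XSS class (not Canarytokens code).

Assumption: the history page renders per-hit request metadata (User-Agent,
Referer, source address, timestamp) into an HTML table. Any of those values
is chosen by whoever sent the triggering request, so it must be HTML-escaped
before it is placed in the page the token's creator later opens.
"""
import html
import re
from dataclasses import dataclass
from typing import Iterable, Set

# Tags the page template itself is expected to emit (assumed structure).
EXPECTED_TAGS = {"table", "tr", "th", "td"}


@dataclass(frozen=True)
class Hit:
    """One trigger of an HTTP-based token. Field set is an assumption."""
    timestamp: str
    remote_ip: str
    user_agent: str
    referer: str


def render_hit_unsafe(hit: Hit) -> str:
    """Interpolates raw request headers into HTML: the stored-XSS sink."""
    return (
        f"<tr><td>{hit.timestamp}</td><td>{hit.remote_ip}</td>"
        f"<td>{hit.user_agent}</td><td>{hit.referer}</td></tr>"
    )


def render_hit_safe(hit: Hit) -> str:
    """Same row, but every attacker-controlled value is escaped first."""
    def cell(value: str) -> str:
        # quote=True also escapes " and ' so the value is inert inside attributes.
        return html.escape(value, quote=True)

    return (
        f"<tr><td>{cell(hit.timestamp)}</td><td>{cell(hit.remote_ip)}</td>"
        f"<td>{cell(hit.user_agent)}</td><td>{cell(hit.referer)}</td></tr>"
    )


def render_history(hits: Iterable[Hit], safe: bool = True) -> str:
    """Builds the history table with either the escaped or the raw renderer."""
    row = render_hit_safe if safe else render_hit_unsafe
    rows = "".join(row(h) for h in hits)
    return (
        "<table><tr><th>Time</th><th>Source</th><th>User-Agent</th>"
        f"<th>Referer</th></tr>{rows}</table>"
    )


def unexpected_tags(rendered: str) -> Set[str]:
    """Regression check: tag names in the page that the template never emits.

    An escaped page contains only EXPECTED_TAGS; anything else means request
    data reached the markup unescaped.
    """
    found = {m.lower() for m in re.findall(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)", rendered)}
    return found - EXPECTED_TAGS


# Constructed sample hits (not real token data). The second hit carries
# markup in its User-Agent, which a triggering request is free to contain.
SAMPLE_HITS = [
    Hit("2023-01-06T10:00:00Z", "198.51.100.7", "curl/7.88.1", "-"),
    Hit("2023-01-06T10:05:00Z", "203.0.113.9", "<script>alert(document.domain)</script>", "-"),
]

if __name__ == "__main__":
    print("unsafe page leaks tags:", unexpected_tags(render_history(SAMPLE_HITS, safe=False)))
    print("safe page leaks tags:  ", unexpected_tags(render_history(SAMPLE_HITS, safe=True)))
```

Escaping at the point of output is the minimal fix; a Content-Security-Policy on the history page that disallows inline script is a worthwhile second layer, since it limits what any sink the test misses could do.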

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2023-22475
GHSA-3H2C-3FGR-74VH
GHSA-5675-3424-HPQR

Affected Products

Canarytokens