PT-2024-29492 · Unknown · Canarytokens

Francesco Lacerenza

+1

·

Published

2024-07-23

·

Updated

2024-07-24

·

CVE-2024-41663

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Canarytokens Docker images prior to sha-097d91a

Description

A Cross-Site Scripting issue was identified in the "Cloned Website" Canarytoken. The creator of a slow-redirect Canarytoken can insert JavaScript into the destination URL of their slow-redirect token. When the creator later browses the management page for their own Canarytoken, the JavaScript executes, resulting in a self-XSS. An attacker could create a Canarytoken carrying this payload and send the management link to a victim, so that the JavaScript executes in the victim's browser when they open it. No sensitive information, such as session information, is disclosed to the malicious actor.

Recommendations

For self-hosted Canarytokens installations, update by pulling the latest Docker image, or any Docker image after sha-097d91a. As a temporary workaround, restrict access to the management page of the Canarytoken until the image has been updated.
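The description above boils down to one rendering mistake: a creator-supplied destination URL is written into the management page as raw HTML. The following added example (written for this page, not code from the Canarytokens project or its templates) shows that pattern beside a hardened version that validates the URL scheme on input and HTML-escapes it on output. The function names, the `<a href>` markup and the sample destination strings are constructed for illustration and are not taken from the advisory.

```python
import html
from urllib.parse import urlsplit

# Constructed sample inputs (not the payload from the advisory).
# An attacker-chosen destination that closes the href attribute and
# injects a script element when interpolated without escaping.
MALICIOUS_DESTINATION = 'https://example.com/"><script>alert(1)</script>'
# A legitimate destination with characters that still need escaping.
BENIGN_DESTINATION = "https://example.com/landing?x=1&y=2"


def render_management_page_vulnerable(destination: str) -> str:
    """Hypothetical rendering that interpolates the stored redirect URL
    into HTML without escaping: the pattern the advisory describes.
    Kept deliberately vulnerable for comparison."""
    return f'<p>Redirects to: <a href="{destination}">{destination}</a></p>'


def is_safe_redirect_target(destination: str) -> bool:
    """Input-side check: accept only absolute http(s) URLs with a host.
    Rejects javascript:, data: and scheme-relative values before they
    are ever stored on the token."""
    parts = urlsplit(destination.strip())
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_management_page_hardened(destination: str) -> str:
    """Output-side fix: HTML-escape the value (quotes included, since it
    lands inside an attribute) and refuse destinations that fail the
    scheme check. Escaping alone stops the markup injection; the scheme
    check additionally stops javascript: links from being clickable."""
    if not is_safe_redirect_target(destination):
        raise ValueError("destination must be an absolute http(s) URL")
    safe = html.escape(destination, quote=True)
    return f'<p>Redirects to: <a href="{safe}">{safe}</a></p>'


def contains_script_tag(rendered_html: str) -> bool:
    """Crude detector used to compare the two renderers: does a literal
    <script> element survive into the emitted markup?"""
    return "<script>" in rendered_html


if __name__ == "__main__":
    print("vulnerable:", render_management_page_vulnerable(MALICIOUS_DESTINATION))
    print("hardened:  ", render_management_page_hardened(MALICIOUS_DESTINATION))
```

Note that the malicious sample passes the scheme check (it is a well-formed https URL whose path carries the payload), which is why escaping on output is the part that actually fixes the self-XSS; the scheme allowlist is defence in depth against `javascript:` destinations that escaping would leave clickable.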

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-41663
GHSA-XJ9H-3J9C-C95H

Affected Products

Canarytokens