CVE-2023-30856 - OpenCVE

eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Edex-ui Project	Edex-ui

Configuration 1 [-]

cpe:2.3:a:edex-ui_project:edex-ui:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://christian-schneider.net/CrossSiteWebSocketHijacking.html
https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458
https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-28T15:54:54.891Z

Updated: 2024-08-02T14:37:15.472Z

Reserved: 2023-04-18T16:13:15.882Z

Link: CVE-2023-30856

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-04-28T16:15:10.260

Modified: 2023-05-10T16:48:45.100

Link: CVE-2023-30856

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30856", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-04-18T16:13:15.882Z", "datePublished": "2023-04-28T15:54:54.891Z", "dateUpdated": "2024-08-02T14:37:15.472Z"}, "containers": {"cna": {"title": "eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-1385", "lang": "en", "description": "CWE-1385: Missing Origin Validation in WebSockets", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-346", "lang": "en", "description": "CWE-346: Origin Validation Error", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9"}, {"name": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html", "tags": ["x_refsource_MISC"], "url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html"}, {"name": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458", "tags": ["x_refsource_MISC"], "url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458"}], "affected": [{"vendor": "GitSquared", "product": "edex-ui", "versions": [{"version": "<= 2.2.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-28T15:54:54.891Z"}, "descriptions": [{"lang": "en", "value": "eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges."}], "source": {"advisory": "GHSA-q8xc-f2wf-ffh9", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:37:15.472Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9"}, {"name": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html"}, {"name": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:edex-ui_project:edex-ui:*:*:*:*:*:*:*:*", "matchCriteriaId": "86B052F3-CD9C-401F-BCDA-7BB1E037CE35", "versionEndIncluding": "2.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges."}], "id": "CVE-2023-30856", "lastModified": "2023-05-10T16:48:45.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-04-28T16:15:10.260", "references": [{"source": "security-advisories@github.com", "tags": ["Technical Description"], "url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1385"}, {"lang": "en", "value": "CWE-346"}], "source": "security-advisories@github.com", "type": "Secondary"}]}