CVE-2023-30856 - Vulnerability Details - OpenCVE

eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Edex-ui Project	Edex-ui

Configuration 1 [-]

cpe:2.3:a:edex-ui_project:edex-ui:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://christian-schneider.net/CrossSiteWebSocketHijacking.html
https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458
https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9

History

Thu, 30 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-28T15:54:54.891Z

Updated: 2025-01-30T16:52:24.144Z

Reserved: 2023-04-18T16:13:15.882Z

Link: CVE-2023-30856

Vulnrichment

Updated: 2024-08-02T14:37:15.472Z

NVD

Status : Modified

Published: 2023-04-28T16:15:10.260

Modified: 2024-11-21T08:00:58.973

Link: CVE-2023-30856

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30856", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-04-18T16:13:15.882Z", "datePublished": "2023-04-28T15:54:54.891Z", "dateUpdated": "2025-01-30T16:52:24.144Z"}, "containers": {"cna": {"title": "eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-1385", "lang": "en", "description": "CWE-1385: Missing Origin Validation in WebSockets", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-346", "lang": "en", "description": "CWE-346: Origin Validation Error", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9"}, {"name": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html", "tags": ["x_refsource_MISC"], "url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html"}, {"name": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458", "tags": ["x_refsource_MISC"], "url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458"}], "affected": [{"vendor": "GitSquared", "product": "edex-ui", "versions": [{"version": "<= 2.2.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-28T15:54:54.891Z"}, "descriptions": [{"lang": "en", "value": "eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges."}], "source": {"advisory": "GHSA-q8xc-f2wf-ffh9", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:37:15.472Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9"}, {"name": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html"}, {"name": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-30T16:52:19.893406Z", "id": "CVE-2023-30856", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-30T16:52:24.144Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9", "name": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html", "name": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458", "name": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:37:15.472Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-30856", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-30T16:52:19.893406Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-30T16:49:45.768Z"}}], "cna": {"title": "eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution", "source": {"advisory": "GHSA-q8xc-f2wf-ffh9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "GitSquared", "product": "edex-ui", "versions": [{"status": "affected", "version": "<= 2.2.8"}]}], "references": [{"url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9", "name": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html", "name": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458", "name": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1385", "description": "CWE-1385: Missing Origin Validation in WebSockets"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346: Origin Validation Error"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-28T15:54:54.891Z"}}}, "cveMetadata": {"cveId": "CVE-2023-30856", "state": "PUBLISHED", "dateUpdated": "2025-01-30T16:52:24.144Z", "dateReserved": "2023-04-18T16:13:15.882Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-04-28T15:54:54.891Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:edex-ui_project:edex-ui:*:*:*:*:*:*:*:*", "matchCriteriaId": "86B052F3-CD9C-401F-BCDA-7BB1E037CE35", "versionEndIncluding": "2.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges."}], "id": "CVE-2023-30856", "lastModified": "2024-11-21T08:00:58.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-28T16:15:10.260", "references": [{"source": "security-advisories@github.com", "tags": ["Technical Description"], "url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}, {"lang": "en", "value": "CWE-1385"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}]}