CVE-2024-25639 - OpenCVE

Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Khoj	Khoj

Configuration 1 [-]

cpe:2.3:a:khoj:khoj:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc
https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm

History

Thu, 22 Aug 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Khoj Khoj khoj
Weaknesses		CWE-77 CWE-79
CPEs		cpe:2.3:a:khoj:khoj::::::::
Vendors & Products		Khoj Khoj khoj

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-08T14:24:33.987Z

Updated: 2024-08-01T23:44:09.829Z

Reserved: 2024-02-08T22:26:33.514Z

Link: CVE-2024-25639

Vulnrichment

Updated: 2024-08-01T23:44:09.829Z

NVD

Status : Analyzed

Published: 2024-07-08T15:15:21.423

Modified: 2024-08-22T14:59:56.757

Link: CVE-2024-25639

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25639", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-08T22:26:33.514Z", "datePublished": "2024-07-08T14:24:33.987Z", "dateUpdated": "2024-08-01T23:44:09.829Z"}, "containers": {"cna": {"title": "Prompt Injection triggered XSS vulnerability in Khoj Obsidian, Desktop and Web clients", "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm"}, {"name": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc", "tags": ["x_refsource_MISC"], "url": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc"}], "affected": [{"vendor": "khoj-ai", "product": "khoj", "versions": [{"version": "< 1.13.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-08T14:24:33.987Z"}, "descriptions": [{"lang": "en", "value": "Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0."}], "source": {"advisory": "GHSA-h2q2-vch3-72qm", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "khojai", "product": "khoj", "cpes": ["cpe:2.3:a:khojai:khoj:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.13.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T14:55:37.305412Z", "id": "CVE-2024-25639", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T15:00:37.872Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:09.829Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm"}, {"name": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm", "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc", "name": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:09.829Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25639", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-08T14:55:37.305412Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:khojai:khoj:*:*:*:*:*:*:*:*"], "vendor": "khojai", "product": "khoj", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T15:00:21.373Z"}}], "cna": {"title": "Prompt Injection triggered XSS vulnerability in Khoj Obsidian, Desktop and Web clients", "source": {"advisory": "GHSA-h2q2-vch3-72qm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "khoj-ai", "product": "khoj", "versions": [{"status": "affected", "version": "< 1.13.0"}]}], "references": [{"url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm", "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc", "name": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-08T14:24:33.987Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25639", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:44:09.829Z", "dateReserved": "2024-02-08T22:26:33.514Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-08T14:24:33.987Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:khoj:khoj:*:*:*:*:*:*:*:*", "matchCriteriaId": "2678B39E-00C3-4B4E-9857-FD3F90D30A7B", "versionEndExcluding": "1.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0."}, {"lang": "es", "value": "Khoj es una aplicaci\u00f3n que crea agentes personales de IA. Los clientes web, de escritorio y de Khoj Obsidian sanitizan inadecuadamente la respuesta del modelo de IA y las entradas de los usuarios. Esto puede activar Cross Site Scripting (XSS) mediante inyecci\u00f3n r\u00e1pida desde documentos que no son de confianza, ya sea indexados por el usuario en Khoj o le\u00eddos por Khoj desde Internet cuando el usuario invoca el comando /online. Esta vulnerabilidad se solucion\u00f3 en 1.13.0."}], "id": "CVE-2024-25639", "lastModified": "2024-08-22T14:59:56.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-07-08T15:15:21.423", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-80"}], "source": "security-advisories@github.com", "type": "Secondary"}]}