CVE-2024-27103 - OpenCVE

Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the "query auto-suggestion" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f
https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-28T17:41:36.012Z

Updated: 2024-08-02T00:27:59.282Z

Reserved: 2024-02-19T14:43:05.994Z

Link: CVE-2024-27103

Vulnrichment

Updated: 2024-08-02T00:27:59.282Z

NVD

Status : Awaiting Analysis

Published: 2024-02-28T18:15:45.940

Modified: 2024-02-29T13:49:47.277

Link: CVE-2024-27103

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27103", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-19T14:43:05.994Z", "datePublished": "2024-02-28T17:41:36.012Z", "dateUpdated": "2024-08-02T00:27:59.282Z"}, "containers": {"cna": {"title": "Querybook Stored Cross-Site Scripting allows Privilege Elevation", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88"}, {"name": "https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f", "tags": ["x_refsource_MISC"], "url": "https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f"}], "affected": [{"vendor": "pinterest", "product": "querybook", "versions": [{"version": "< 3.31.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-28T17:41:36.012Z"}, "descriptions": [{"lang": "en", "value": "Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the \"query auto-suggestion\" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2."}], "source": {"advisory": "GHSA-3hjm-9277-5c88", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27103", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T19:57:06.758749Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:05.136Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.282Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88"}, {"name": "https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88", "name": "https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f", "name": "https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.282Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27103", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T19:57:06.758749Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:37.795Z"}}], "cna": {"title": "Querybook Stored Cross-Site Scripting allows Privilege Elevation", "source": {"advisory": "GHSA-3hjm-9277-5c88", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "pinterest", "product": "querybook", "versions": [{"status": "affected", "version": "< 3.31.1"}]}], "references": [{"url": "https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88", "name": "https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f", "name": "https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the \"query auto-suggestion\" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-28T17:41:36.012Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27103", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:27:59.282Z", "dateReserved": "2024-02-19T14:43:05.994Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-02-28T17:41:36.012Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the \"query auto-suggestion\" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2."}, {"lang": "es", "value": "Querybook es una interfaz de usuario de consulta de Big Data. Cuando un usuario busca sus consultas, documentos de datos, tablas y listas, el resultado de la b\u00fasqueda se marca y resalta, y esta funci\u00f3n utiliza peligrosamente SetInnerHTML, lo que significa que si el resultado resaltado tiene una carga \u00fatil XSS, se activar\u00e1. Mientras que la entrada a peligrosamenteSetInnerHTML no est\u00e1 desinfectada para los datos dentro de las consultas, lo que conduce a una vulnerabilidad XSS. Durante la \"sugerencia autom\u00e1tica de consultas\", el nombre de las tablas sugeridas se configura con internalHTML, lo que conduce a la vulnerabilidad XSS. Se introdujo un parche para rectificar este problema en la versi\u00f3n 3.31.2 de Querybook."}], "id": "CVE-2024-27103", "lastModified": "2024-02-29T13:49:47.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-02-28T18:15:45.940", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f"}, {"source": "security-advisories@github.com", "url": "https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}