Impact
An HTML injection flaw exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, allowing an attacker to embed a limited set of HTML elements, such as links, into messages displayed in Google Chat. The injected content can manipulate the interface, potentially redirect users to malicious sites or present misleading information, but it does not provide direct code execution or broader system compromise. The risk is primarily in facilitating phishing or social engineering attacks within the chat environment.
Affected Systems
The affected product is Thinkst Applied Research Canarytokens. All Docker images tagged with sha‑4aef1db90 or earlier, and any Git commit from 4aef1db90 up to but not including 8ab4dccd, are vulnerable. Updating to images tagged sha‑8ab4dccd or later resolves the vulnerability.
Risk and Exploitability
The CVSS score is 2, indicating low severity, and no EPSS data is available. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the likely attack vector is the Google Chat webhook; an attacker would need to inject messages or otherwise control a Canarytokens instance. The exploitation potential is modest, with the primary threat being the delivery of malicious links to chat participants.
OpenCVE Enrichment