GHSA-m36x-mgfh-8g78
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m36x-mgfh-8g78
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-m36x-mgfh-8g78/GHSA-m36x-mgfh-8g78.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m36x-mgfh-8g78
- Aliases
- Published
- 2022-01-27T15:15:25Z
- Modified
- 2024-08-21T14:57:04.509104Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Subdomain Takeover in Interactsh server
- Details
-
A domain configured with interactsh server was vulnerable to subdomain takeover for specfic subdomain, i.e
app, Interactsh server before< 1.0.0used to create cname entries forapppointing toprojectdiscovery.github.ioas default which intended to used for hosting interactsh web client using GitHub pages. It turns out to be a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still have a cname entry pointing to GitHub pages, making them vulnerable to subdomain takeover.This issue was initially reported to us as a subdomain takeover for one of our domains that runs interactsh server by Melih at
security@projectdiscovery.io, and after conducting an internal investigation, we determined that it was an issue with the default config of interactsh server affecting all the server running self-hosted instance of interactsh, as a result - cname entry has been removed in the latest release.Impact
This allows one to host / run arbitrary client side code (XSS) in a user's browser when browsing the vulnerable subdomain, for more details on the impact, please read this detailed blogpost from Detectify.
Patches
Update to Interactsh server v1.0.0 with
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latestReferences
https://github.com/projectdiscovery/interactsh/issues/136
For more information
If you have any questions or comments about this advisory: * Email us at security@projectdiscovery.io
- Database specific
{ "nvd_published_at": "2023-06-28T22:15:09Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-01-24T22:24:55Z" }- References
-
- https://github.com/projectdiscovery/interactsh/security/advisories/GHSA-m36x-mgfh-8g78
- https://nvd.nist.gov/vuln/detail/CVE-2023-36474
- https://github.com/projectdiscovery/interactsh/issues/136
- https://github.com/projectdiscovery/interactsh/pull/155
- https://github.com/projectdiscovery/interactsh
- https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more
Affected packages
Go / github.com/projectdiscovery/interactsh
Package
- Name
- github.com/projectdiscovery/interactsh
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/projectdiscovery/interactsh