Jun 28, 2023 - 10:15 p.m.

CVE-2023-36474

2023-06-28 22:15:09
CWE-79
web.nvd.nist.gov
interactsh
security
subdomain takeover
cve-2023-36474
cname
github pages

CVSS3: 8.2 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

EPSS: 0.001 Low
Percentile: 35.4%

Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e. app. Interactsh server used to create CNAME entries for app pointing to projectdiscovery.github.io by default, which was intended to be used for hosting the interactsh web client using GitHub Pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still has a CNAME entry pointing to GitHub Pages, making them vulnerable to subdomain takeover. This allows a threat actor to host and run arbitrary client-side code (cross-site scripting) in a user's browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making the CNAME optional, rather than default.
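Added example (not part of the advisory or of the interactsh project's code): a self-audit that reads DNS answer lines in dig's answer format for your own interactsh domains and flags an app CNAME that still points at the default target named above. The domain names and sample records are constructed placeholders, and the extra "github-pages" review category for other *.github.io targets goes beyond what the advisory states.

```python
import re

# Default CNAME target named in the advisory text above.
DEFAULT_TARGET = "projectdiscovery.github.io"
# The one label the advisory says received the default CNAME.
RISKY_LABEL = "app"

# One answer line in dig format: name, ttl, class, type, rdata.
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)\s*$", re.IGNORECASE)

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def audit_answers(text, my_domains):
    """Return (owner, target, severity) for app.<domain> CNAMEs worth reviewing.

    severity 'default-cname': points at the advisory's default target
    severity 'github-pages' : points at another *.github.io host (assumed review case)
    """
    wanted = {f"{RISKY_LABEL}.{normalize(d)}" for d in my_domains}
    findings = []
    for line in text.splitlines():
        line = line.split(";", 1)[0]  # strip trailing dig comments
        m = ANSWER_RE.match(line.strip())
        if not m or m.group(3).upper() != "CNAME":
            continue
        owner, target = normalize(m.group(1)), normalize(m.group(4))
        if owner not in wanted:
            continue  # only audit domains the operator listed as their own
        if target == DEFAULT_TARGET:
            findings.append((owner, target, "default-cname"))
        elif target.endswith(".github.io"):
            findings.append((owner, target, "github-pages"))
    return findings

# Constructed sample input: oast.example and oob.example are placeholder domains.
SAMPLE = """\
app.oast.example.   3600 IN CNAME ProjectDiscovery.GitHub.io.
www.oast.example.   3600 IN A     192.0.2.10
app.oob.example.    300  IN CNAME example-org.github.io.
app.other.example.  300  IN CNAME projectdiscovery.github.io.
"""

if __name__ == "__main__":
    for owner, target, severity in audit_answers(SAMPLE, ["oast.example", "oob.example."]):
        print(f"{severity}: {owner} -> {target}")
```

A "default-cname" finding on a server where no web client was deliberately set up matches the condition the advisory describes; upgrading to 1.0.0 or later makes the CNAME optional.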

Affected configurations

Node: projectdiscovery interactsh
Range: <1.0.0

Vendor: projectdiscovery
Product: interactsh
Version: *
CPE: cpe:2.3:a:projectdiscovery:interactsh:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "projectdiscovery",
    "product": "interactsh",
    "versions": [
      {
        "version": "< 1.0.0",
        "status": "affected"
      }
    ]
  }
]
