CVE-2022-29172

{"id": "CVE-2022-29172", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-05-05T23:15:09.150", "references": [{"url": "https://github.com/auth0/lock/commit/79ae557d331274b114848150f19832ae341771b1", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/auth0/lock/security/advisories/GHSA-7ww6-75fj-jcj7", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/auth0/lock/commit/79ae557d331274b114848150f19832ae341771b1", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/auth0/lock/security/advisories/GHSA-7ww6-75fj-jcj7", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the \u201cadditional signup fields\u201d feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metdata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefor possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient's name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the \u201cadditional signup fields\u201d feature in your application. Upgrade to version `11.33.0`."}, {"lang": "es", "value": "Auth0 es un broker de autenticaci\u00f3n que soporta proveedores de identidad social y empresarial, incluyendo Active Directory, LDAP, Google Apps y Salesforce. En las versiones anteriores a \"11.33.0\", cuando la funcionalidad \"additional signup fields\" [est\u00e1 configurada] (https://github.com/auth0/lock#additional-sign-up-fields), un actor malicioso puede inyectar c\u00f3digo HTML inv\u00e1lido en estos campos adicionales, que luego es almacenado en la carga \u00fatil del servicio \"user_metdata\" (usando la propiedad \"name\"). Los correos electr\u00f3nicos de verificaci\u00f3n, cuando son aplicados, son generados usando estos metadatos. Por lo tanto, es posible que un actor dise\u00f1e un enlace malicioso inyectando HTML, que luego es presentado como el nombre del destinatario dentro de la plantilla de correo electr\u00f3nico entregada. Esta vulnerabilidad le afecta si usa la versi\u00f3n \"auth0-lock\" o inferior y usa la funcionalidad de \"additional signup fields\" en su aplicaci\u00f3n. Actualice a versi\u00f3n \"11.33.0\""}], "lastModified": "2024-11-21T06:58:38.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:auth0:lock:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "CFD2AD83-48BA-494A-80F6-79E53F168CFB", "versionEndExcluding": "11.33.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}