CVE-2023-45671
Frigate reflected XSS through `/<camera_name>` API endpoints
Public Exploits: 1
Exploited in Wild: -
Descriptions
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path, as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate is publicly exposed to the internet (even with authentication); the attacker knows the address of a user's Frigate instance; the attacker crafts a specialized page which links to the user's Frigate instance; the attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution of arbitrary JavaScript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.
Timeline
- 2023-10-10 CVE Reserved
- 2023-10-30 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-11-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (2)
URL | Tag | Source |
---|---|---|
https://securitylab.github.com/advisories/GHSL-2023-190_Frigate | X_refsource_misc | |

URL | Date | SRC |
---|---|---|
https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f | 2024-08-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Frigate | Frigate | <= 0.13.0 | - | Affected |
Frigate | Frigate | 0.13.0 | beta1 | Affected |
Frigate | Frigate | 0.13.0 | beta2 | Affected |