
CVE-2020-11022/CVE-2020-11023: jQuery XSS vulnerabilities impact on Vectra Cognito

CVE details and related advisories

1. https://www.tenable.com/cve/CVE-2020-11022

Vendor advisory: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

 

2. https://www.tenable.com/cve/CVE-2020-11023

Vendor advisory: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

 

Vectra response 

Both issues are assigned medium severity (6.1-6.9), low to medium impact (3-5), and low exploitability (1.6-3) scores.

 

For our use case (Cognito UI) we consider these issues low risk because:

  1. XSS vulnerabilities in general are considered low risk unless they are chained with other vulnerabilities, and we are not aware of any such vulnerabilities at the moment.
  2. Cognito UI requires authenticated access for most of its functions. Exploitation of this XSS is therefore restricted to the customer's own authorized users of Cognito.
  3. As for unauthenticated vectors:
    1. As far as we know, the login screen is not affected by the jQuery vulnerabilities in question.
    2. One possible way of getting unauthenticated data into the Cognito UI is from the network (e.g. a hostname or other value displayed in the detection detail). We sanitize and/or escape any HTML tags in all such data before it is displayed in the UI.
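As an added example (not Vectra's or jQuery's code), the following JavaScript checks a jQuery version string against the two affected ranges quoted above and escapes a network-derived value before it is displayed. The function names and the sample hostname are assumptions made for illustration.

```javascript
// Added example. The version ranges are the ones quoted in the advisories on this page.
const AFFECTED = [
  { cve: "CVE-2020-11022", from: "1.2",   before: "3.5.0" },
  { cve: "CVE-2020-11023", from: "1.0.3", before: "3.5.0" },
];

// "3.4.1", "1.2", "3.5.0-rc.1" or "3.4.1 <trailing build info>" -> { nums, pre }
function parseVersion(raw) {
  const token = String(raw).trim().split(/\s+/)[0];
  const m = /^(\d+)(?:\.(\d+))?(?:\.(\d+))?(-.+)?$/.exec(token);
  if (!m) throw new Error("unrecognised version: " + raw);
  return { nums: [m[1], m[2] || 0, m[3] || 0].map(Number), pre: Boolean(m[4]) };
}

// Negative if a < b, zero if equal, positive if a > b.
// A pre-release (e.g. 3.5.0-rc.1) sorts before its final release,
// so it is still treated as "before 3.5.0".
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] - y.nums[i];
  }
  return Number(y.pre) - Number(x.pre);
}

// CVE ids from this page whose range (from <= version < before) contains the version.
function affectedCves(version) {
  return AFFECTED
    .filter(r => compareVersions(version, r.from) >= 0 &&
                 compareVersions(version, r.before) < 0)
    .map(r => r.cve);
}

// Escape untrusted text so the browser renders it as characters, not markup.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => ENTITIES[ch]);
}

// Constructed sample: a hostname learned from the network that carries markup.
const hostname = "db-<option>01</option>";
console.log(affectedCves("3.4.1"), escapeHtml(hostname));
```

Escaped output is inert text regardless of the jQuery version in use, which is why escaping network-derived fields holds up even where the affected DOM manipulation methods are still present.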

 
