Cross-Site Scripting Vulnerability in MITRE CALDERA Operations Tab
CVE-2022-40606

6.1MEDIUM

Key Information:

Vendor: Mitre
Status: Caldera
Vendor: CVE Published:; 17 October 2022

What is CVE-2022-40606?

A Cross-Site Scripting vulnerability exists in MITRE CALDERA, specifically in the Operations tab and the Debrief plugin. This vulnerability can be exploited through a carefully crafted operation name, allowing attackers to inject arbitrary scripts into web pages viewed by users. It is crucial for users of CALDERA to update to version 4.1.0 or later to mitigate this security risk.

References

https://github.com/mitre/caldera/releases/tag/4.1.0

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2022
Vulnerability Reserved
Sep 12, 2022

Mitre

What is CVE-2022-40606?

References

CVSS V3.1

Timeline