Interactsh server settings make users vulnerable to Subdomain Takeover
CVE-2023-36474

8.2HIGH

Key Information:

Vendor
Projectdiscovery
Status
Interactsh
Vendor
CVE Published:
28 June 2023

Summary

Interactsh, an open-source tool for detecting out-of-band interactions, has a vulnerability that allows subdomain takeover for the specific subdomain 'app.' Prior to version 1.0.0, Interactsh servers utilized default CNAME entries pointing to GitHub pages, which could lead to arbitrary client-side code execution through cross-site scripting when users visit the vulnerable subdomain. This risk occurs if users fail to configure a web client while having a CNAME entry set up. The issue has been resolved in version 1.0.0, which makes CNAME configurations optional.

Affected Version(s)

interactsh < 1.0.0

References

https://github.com/projectdiscovery/interactsh/security/a...
x_refsource_CONFIRM
https://github.com/projectdiscovery/interactsh/issues/136
x_refsource_MISC
https://github.com/projectdiscovery/interactsh/pull/155
x_refsource_MISC

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.