Permissive Cross-domain Policy with Untrusted Domains

CVE-2021-34435

High

8.8/10

Summary

In Eclipse Theia 0.3.9 before 1.8.1 and 1.9.x before 1.9.0-next.2d422afd , the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-942 - Permissive Cross-domain Policy with Untrusted Domains

The software uses a cross-domain policy file that includes domains that should not be trusted.

References

Advisory
Issue
Pull request
Pull request

Advisory Timeline

Published Sep 01, 2021

Permissive Cross-domain Policy with Untrusted Domains

CVE-2021-34435

Summary

CWE-942 - Permissive Cross-domain Policy with Untrusted Domains

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS