
CVE-2021-28079

Description

When @theart42 and I (@4nqr34z) were once again looking into new software for a CTF box, we came across an injection in Jamovi that could lead to remote code execution.

TimeLine

When a user opens the document, the code is executed on the local machine.

Exploitation

Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column name is vulnerable to XSS in the ElectronJS framework. An attacker can craft a .omv (Jamovi) document containing a payload. When the victim opens the document, the payload is triggered.

Code is executed under the privilege of the user.

POC video: https://youtu.be/x94W2kzoBbc

Mitigation

The developer has been notified and has an updated version available.
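
For triage of .omv files received from untrusted sources, the following check lists column names that contain HTML markup. It is an added example, not part of the original advisory or of Jamovi's code. It assumes an .omv file is a ZIP archive whose metadata.json lists columns under dataSet.fields[].name; that layout, the function names and the sample data are assumptions and are not taken from this page.

```python
import io
import json
import re
import zipfile

# Assumption: column definitions live in metadata.json under dataSet.fields[].name.
METADATA_MEMBER = "metadata.json"
# A '<' that starts an HTML tag, closing tag, comment or processing instruction.
MARKUP = re.compile(r"<[a-zA-Z/!?]")


def suspicious_columns(omv_file):
    """Return the column names in an .omv archive that contain HTML markup.

    omv_file is a path or a binary file object. Raises ValueError when the
    file cannot be inspected, so unreadable input is never reported as clean.
    """
    try:
        with zipfile.ZipFile(omv_file) as archive:
            metadata = json.loads(archive.read(METADATA_MEMBER))
        fields = metadata["dataSet"]["fields"]
        names = [str(field["name"]) for field in fields]
    except (zipfile.BadZipFile, KeyError, TypeError, ValueError) as exc:
        raise ValueError(f"cannot inspect file: {exc}") from exc
    return [name for name in names if MARKUP.search(name)]


def build_sample(column_names):
    """Build a constructed, minimal .omv-like archive in memory."""
    buffer = io.BytesIO()
    fields = [{"name": name} for name in column_names]
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(METADATA_MEMBER, json.dumps({"dataSet": {"fields": fields}}))
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    # Constructed samples: one clean file, one with markup in a column name.
    for label, cols in [("clean", ["age", "height (cm)"]),
                        ("flagged", ["age", "<b>height</b>"])]:
        print(label, suspicious_columns(build_sample(cols)))
```

A non-empty result means the file should be examined before it is opened in an affected Jamovi version; an empty result only covers column names, not other parts of the document.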