Summary
Use of JavaScript Library with Known Vulnerability
CVSS V3 Base: 6.5
CVSS V3 Temporal: 5.6
CVSS V3 Attack Vector: Network
Details
The web application is using a JavaScript library that is known to contain at least one vulnerability.
PoC
Leantime 2.3.23
Vulnerable JavaScript library: moment
Version: 2.24.0
Script URI: https://leantime-selfhost.com/js/compiled-extended-libs.2.3.23.min.js
Details:
CVE-2022-24785: Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability affects npm (server-side) users of Moment.js from version 1.0.1 up to and including 2.29.1, in particular where a user-provided locale string is passed directly to moment to switch locale. The vulnerable code is the Node.js locale file loader, so a copy of the library that only runs in the browser, as in the bundle above, does not expose it.
CVE-2022-31129: Moment.js is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates. Versions 2.18.0 up to and including 2.29.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocessRFC2822() function in from-string.js when processing a very long crafted string (over 10k characters). Any string parsed with moment(string) and no explicit format falls through the ISO 8601 parser into this RFC 2822 preprocessing, so user-controlled date input is the trigger.
Found on the following pages (only first 10 pages are reported):
https://leantime-selfhost.com/auth/login?redirect=%2F.
https://leantime-selfhost.com/auth/login
https://leantime-selfhost.com/auth/login?redirect=%2Fauth%2F.
https://leantime-selfhost.com/auth/resetPw
https://leantime-selfhost.com/auth/login?redirect=%2Fjs%2F.
https://leantime-selfhost.com/auth/resetPw/
https://leantime-selfhost.com/auth/login?redirect=%2Fimages%2F.
https://leantime-selfhost.com/auth/login?redirect=%2Ftheme%2Fdefault%2Fcss%2F.
https://leantime-selfhost.com/auth/login?redirect=%2Fcss%2F.
https://leantime-selfhost.com/auth/login?redirect=%2Fapi%2F.
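The scanner arrived at this finding by fingerprinting the moment build inside the minified bundle and comparing the version against the published affected ranges. The script below is an added example written for this page, not Leantime's or moment's code and not the scanner's logic. It assumes that a moment build assigns its version to the exported hooks object and then assigns moment-specific hooks (isMoment, defineLocale, HTML5_FMT) on the same identifier, which is how the UMD build reads in source; the sample bundle text is constructed, and the identifier names in it are invented. The affected ranges come from the two advisories cited in the Solution section.

```javascript
// Added example (not Leantime's, moment's or the scanner's code): fingerprint the moment
// build inside a JS bundle and check the version against the two advisories on this page.
'use strict';

// Affected ranges as published in the GitHub advisories cited in the Solution section.
// A version is affected when first <= version < fixed. `serverOnly` records that
// CVE-2022-24785 is in the Node.js locale loader and is not reachable from a browser bundle.
const ADVISORIES = [
  { id: 'CVE-2022-24785', ghsa: 'GHSA-8hfj-j24r-96c4', first: '1.0.1',  fixed: '2.29.2', serverOnly: true },
  { id: 'CVE-2022-31129', ghsa: 'GHSA-wc69-rhjr-hc9g', first: '2.18.0', fixed: '2.29.4', serverOnly: false },
];

// Parse "MAJOR.MINOR.PATCH" into three numbers; anything else is rejected.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`not a MAJOR.MINOR.PATCH version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric (not lexicographic) comparison: 2.29.4 < 2.29.10. Returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Constructed stand-in for a minified multi-library bundle (identifier names invented).
// The first fragment carries an unrelated library with its own version string, so a
// naive "first version= I see" heuristic would report the wrong library.
const SAMPLE_BUNDLE =
  '!function(a,b){a.jQuery=b()}(this,function(){"use strict";var w={};w.version="3.4.1",w.fn=w.prototype={};return w}),' +
  'function(e,t){"object"==typeof exports?module.exports=t():e.moment=t()}(this,function(){"use strict";' +
  'var Ye;function e(){}e.version="2.24.0",C(Ye),e.fn=Qe,e.min=tn,e.max=nn,e.now=sn,e.isMoment=k,' +
  'e.defineLocale=ht,e.HTML5_FMT={DATETIME_LOCAL:"YYYY-MM-DDTHH:mm"};return e});';

// Hooks that moment assigns on its exported object right after the version (assumption
// about what survives minification; property names are not mangled by common minifiers).
const MOMENT_HOOKS = ['isMoment', 'defineLocale', 'HTML5_FMT'];

// Return the version string of the moment build in `bundleText`, or null. For every
// `<ident>.version="x.y.z"` assignment, require a moment-specific hook on the same
// identifier within `window` characters. Identifiers containing `$` are not matched by \w.
function detectMomentVersion(bundleText, window = 2000) {
  const versionRe = /\b(\w+)\.version\s*=\s*["'](\d+\.\d+\.\d+)["']/g;
  let m;
  while ((m = versionRe.exec(bundleText)) !== null) {
    const hookRe = new RegExp('\\b' + m[1] + '\\.(?:' + MOMENT_HOOKS.join('|') + ')\\s*=');
    if (hookRe.test(bundleText.slice(m.index, m.index + window))) return m[2];
  }
  return null;
}

// Advisories whose [first, fixed) range contains `version`, regardless of deployment.
function affectedAdvisories(version) {
  return ADVISORIES.filter(a =>
    compareVersions(version, a.first) >= 0 && compareVersions(version, a.fixed) < 0);
}

// Drop server-only advisories when the bundle is served to browsers ('browser' | 'node').
function applicableAdvisories(version, context) {
  return affectedAdvisories(version).filter(a => context === 'node' || !a.serverOnly);
}

function scanBundle(bundleText, context = 'browser') {
  const version = detectMomentVersion(bundleText);
  if (version === null) return { version: null, advisories: [] };
  return { version, advisories: applicableAdvisories(version, context).map(a => a.id) };
}

console.log(scanBundle(SAMPLE_BUNDLE, 'browser')); // 2.24.0 -> only CVE-2022-31129 applies
console.log(scanBundle(SAMPLE_BUNDLE, 'node'));    // 2.24.0 -> both advisories apply
```

The context switch is the part worth keeping: a raw version match reports both CVEs for 2.24.0, which is what the scanner did, while the browser-only deployment leaves just the ReDoS. Real scanners use curated per-library signature sets rather than this three-hook heuristic.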
Impact
Impact depends on which of the two issues is reachable and on how the application uses the library. Here the library is served to the browser as part of compiled-extended-libs.2.3.23.min.js, so CVE-2022-24785, a path traversal in the Node.js locale loader, does not apply. CVE-2022-31129 does: if a page passes an attacker-controlled string of more than about 10k characters to moment's parser, the regular expression in preprocessRFC2822() backtracks for a long time and stalls the JavaScript thread of that page. That is a denial of service against the user whose browser parses the string, not against the server, and it requires a code path that feeds untrusted input into moment().
Solution
Upgrade the library to a release that addresses both advisories and review the vendor's security advisories for the version in use. The fixed releases are:
Solution: Moment.js version 2.29.2 has been released to address CVE-2022-24785. Please refer to Vendor Documentation (GHSA-8hfj-j24r-96c4, https://nvd.nist.gov/vuln/detail/CVE-2022-24785) for latest security updates.
Solution: Moment.js version 2.29.4 has been released to address CVE-2022-31129. Please refer to Vendor Documentation (GHSA-wc69-rhjr-hc9g, https://nvd.nist.gov/vuln/detail/CVE-2022-31129) for latest security updates. Moment.js 2.29.4 or later therefore resolves both findings. Where an upgrade cannot be deployed immediately, the advisory's workaround is to bound the length of any user-supplied string before it is handed to moment; legitimate date strings are far shorter than the 10k characters needed to trigger the ReDoS.
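To make the ReDoS concrete, the following is an added example, not moment's source and not part of this advisory. It models the comment-stripping step of an RFC 2822 preprocessor with two regexes: a "before" form whose comment body may contain "(" and so backtracks quadratically on a run of unclosed parentheses, and an "after" form that stops at the next "(". That these are the shapes involved in GHSA-wc69-rhjr-hc9g is an assumption drawn from the advisory's description; the function and constant names are invented, and the payload is constructed. It also shows the length bound the advisory recommends as a workaround.

```javascript
// Added example (not moment's source): why RFC 2822 comment stripping can backtrack
// quadratically, and the two defences that matter in practice. The regexes below are a
// reconstruction of the pattern class described in GHSA-wc69-rhjr-hc9g, an assumption
// about moment's internals rather than a quote of its code.
'use strict';

// "Before": a comment is "(" then any run of non-")" then ")". On an input made of many
// "(" with no ")", each start position scans to the end and then backtracks step by step,
// and there are n start positions: O(n^2) character steps.
const COMMENT_RE_VULNERABLE = /\([^)]*\)|[\n\t]/g;

// "After": the comment body may not contain "(" either, so the greedy run stops at the
// next "(" and the pass is linear. Results differ only for nested parentheses.
const COMMENT_RE_FIXED = /\([^()]*\)|[\n\t]/g;

// The normalisation a preprocessor of this kind performs: drop comments and folding
// whitespace, collapse runs of whitespace, trim.
function preprocessRFC2822Like(s, commentRe) {
  return s.replace(commentRe, ' ').replace(/\s\s+/g, ' ').trim();
}

// Second defence, the workaround the advisory recommends: bound user-controlled input
// before any regex sees it. 200 is the advisory's suggested limit (assumed here).
const MAX_DATE_INPUT_LENGTH = 200;

// Returns the normalised string, or null when the input is rejected by the length bound.
function preprocessGuarded(s) {
  if (typeof s !== 'string') throw new TypeError('expected a string');
  if (s.length > MAX_DATE_INPUT_LENGTH) return null; // rejected before any regex runs
  return preprocessRFC2822Like(s, COMMENT_RE_FIXED);
}

// Wall-clock cost of each regex on a constructed payload of n unclosed parentheses.
function compareCost(n) {
  const payload = '('.repeat(n) + 'x';
  const time = (re) => {
    const t0 = Date.now();
    preprocessRFC2822Like(payload, re);
    return Date.now() - t0;
  };
  return { n, vulnerableMs: time(COMMENT_RE_VULNERABLE), fixedMs: time(COMMENT_RE_FIXED) };
}

// Stand-alone run: a benign RFC 2822 string is handled identically by both forms; the
// crafted one, just over the 10k-character mark the advisory cites, separates them.
const BENIGN = 'Mon, 06 Mar 2017 21:22:23 +0000 (UTC)';
console.log(preprocessGuarded(BENIGN));                // Mon, 06 Mar 2017 21:22:23 +0000
console.log(preprocessGuarded('('.repeat(10001)));     // null (rejected by length bound)
console.log(compareCost(10001));                       // vulnerableMs well above fixedMs
```

The length bound is the cheaper control to deploy because it sits at the input boundary and does not depend on which regex the library ships; it is a complement to the upgrade, not a substitute.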
Notes
Due to the limited usage of Moment.js this is a highly unlikely attack vector for Leantime. In any case, moment.js was removed as of 3.0.0.