XSS/RCE vulnerability

Question

XSS/RCE vulnerability

MCOffSec opened this issue 4 years ago · 8 comments

During testing of this app I've discovered an XSS flaw that can lead to RCE. Is there a secure/[private place I can post details of the issue?

Answer 1 · 2020-07-07T10:58:27.000Z

Thanks @MCOffSec for doing this, it is appreciated. Just checking that you mean specifically the desktop application and not the web application at https://github.com/OWASP/threat-dragon ?

For both repos you can email mike.goodwin@owasp.org using the PGP key at the bottom of the README.md file in either repo

Thanks again, Jon

Answer 2 · 2020-07-27T14:00:11.000Z

just checking you received the details via the Flowcrypt page?

Answer 3 · 2020-07-27T16:47:18.000Z

@mike-goodwin should have received it? Mike can you confirm?

Answer 4 · 2020-07-28T09:55:53.000Z

Hello @MCOffSec - can you give an idea (without disclosure) of how severe this vuln is? Is it exploitable within the desktop application, or is it more targeted towards the online web app at https://github.com/OWASP/threat-dragon ?

Answer 5 · 2020-07-28T10:01:23.000Z

Sure, it impacts the desktop version of the application and requires the user to load a maliciously crafted file in the app then click a commonly used button within the tool.

Answer 6 · 2020-07-28T10:24:13.000Z

OK, thanks @MCOffSec , understood. Do you have a fix for this? We are about to release version 1.3 - something like early August, so it would be good to have a fix in place. Many thanks, Jon

Answer 7 · 2020-07-28T10:27:00.000Z

This TD repo was migrated to the OWASP organisation repo at https://github.com/OWASP/threat-dragon-desktop/issues . I can duplicate this issue there, where the fix will be applied, or do you want to raise this issue in that repo? You get github credit if you do :-)

Answer 8 · 2020-07-28T14:00:31.000Z

I can raise it there, its not a problem :)