CVE-2022-41710 - Vulnerability Details - OpenCVE

Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Markdownify Project	Markdownify

Configuration 1 [-]

cpe:2.3:a:markdownify_project:markdownify:1.4.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://fluidattacks.com/advisories/noisestorm/
https://github.com/amitmerchant1990/electron-markdownify

History

Mon, 05 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published: 2022-11-03T00:00:00.000Z

Updated: 2025-05-05T13:26:00.910Z

Reserved: 2022-09-28T00:00:00.000Z

Link: CVE-2022-41710

Vulnrichment

Updated: 2024-08-03T12:49:43.741Z

NVD

Status : Modified

Published: 2022-11-03T20:15:31.567

Modified: 2025-05-05T14:15:24.913

Link: CVE-2022-41710

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41710", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "assignerShortName": "Fluid Attacks", "dateUpdated": "2025-05-05T13:26:00.910Z", "dateReserved": "2022-09-28T00:00:00.000Z", "datePublished": "2022-11-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2022-11-03T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them."}], "affected": [{"vendor": "n/a", "product": "Markdownify", "versions": [{"version": "1.4.1", "status": "affected"}]}], "references": [{"url": "https://github.com/amitmerchant1990/electron-markdownify"}, {"url": "https://fluidattacks.com/advisories/noisestorm/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Insecure or unset HTTP headers - Content-Security-Policy"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.741Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/amitmerchant1990/electron-markdownify", "tags": ["x_transferred"]}, {"url": "https://fluidattacks.com/advisories/noisestorm/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-552", "lang": "en", "description": "CWE-552 Files or Directories Accessible to External Parties"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-05T13:25:18.688681Z", "id": "CVE-2022-41710", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T13:26:00.910Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/amitmerchant1990/electron-markdownify", "tags": ["x_transferred"]}, {"url": "https://fluidattacks.com/advisories/noisestorm/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.741Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-41710", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-05T13:25:18.688681Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T13:25:55.623Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Markdownify", "versions": [{"status": "affected", "version": "1.4.1"}]}], "references": [{"url": "https://github.com/amitmerchant1990/electron-markdownify"}, {"url": "https://fluidattacks.com/advisories/noisestorm/"}], "descriptions": [{"lang": "en", "value": "Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Insecure or unset HTTP headers - Content-Security-Policy"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2022-11-03T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-41710", "state": "PUBLISHED", "dateUpdated": "2025-05-05T13:26:00.910Z", "dateReserved": "2022-09-28T00:00:00.000Z", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "datePublished": "2022-11-03T00:00:00.000Z", "assignerShortName": "Fluid Attacks"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:markdownify_project:markdownify:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D9AE5BF-9687-42C3-A6A0-A894817CD36A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them."}, {"lang": "es", "value": "Markdownify versi\u00f3n 1.4.1 permite a un atacante externo obtener de forma remota archivos locales arbitrarios en cualquier cliente que intente ver un archivo de Markdown malicioso a trav\u00e9s de Markdownify. Esto es posible porque la aplicaci\u00f3n no tiene una pol\u00edtica CSP (o al menos no es lo suficientemente estricta) y/o no valida adecuadamente el contenido de los archivos Markdown antes de renderizarlos."}], "id": "CVE-2022-41710", "lastModified": "2025-05-05T14:15:24.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-03T20:15:31.567", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://fluidattacks.com/advisories/noisestorm/"}, {"source": "[email protected]", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/amitmerchant1990/electron-markdownify"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://fluidattacks.com/advisories/noisestorm/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/amitmerchant1990/electron-markdownify"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-552"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}