CVE-2018-25031

Published: 11/03/2022 Updated: 03/06/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Swagger UI prior to 4.1.3 could allow a remote malicious user to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

Vulnerable Product

smartbear swagger ui

Exploits

Swagger UI version 4.1.3 user interface misrepresentation of information proof of concept exploit ...

Github Repositories

CVE-2018-25031 Description: Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Screenshot before attack: PoC: /index.html?configUrl=raw.githubusercontent.com/afine-com/CVE-2018-25031/main/poc.json /in

Cross-Site Scripting PoC in Swagger UI: CVE-2018-25031 using Selenium in Python. This repository contains a Python script that demonstrates a proof of concept (PoC) of a Cross-Site Scripting (XSS) vulnerability in Swagger UI, using the Selenium library. The goal of this PoC is to identify sites that are susceptible to this vulne

.json and .yaml files used to exploit CVE-2018-25031

CVE-2018-25031 Description: Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Screenshot before attack: PoC: /index.html?configUrl=raw.githubusercontent.com/afine-com/CVE-2018-25031/main/poc.json /in

CVE-2018-25031 tests

CVE-2018-25031: CVE-2018-25031 exploits tests. Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. HowTo: Find the documentation endpoint and add the parameter "configUrl" pointing to test.json or "url"

Exploit Swagger UI - User Interface (UI) Misrepresentation of Critical Information (CVE-2018-25031)

Exploit Swagger UI - CVE-2018-25031: Exploit Swagger UI - User Interface (UI) Misrepresentation of Critical Information (CVE-2018-25031). This exploit checks whether the Swagger UI used is susceptible to exploitation of the User Interface (UI) Misrepresentation of Critical Information vulnerability. Requirements: Python 3, Selenium, Chrome Webdriver. First use: Install Selenium pip

PoC of CVE-2018-25031

CVE-2018-25031-PoC: PoC of CVE-2018-25031