{
  "schema_version": "1.4.0",
  "id": "GHSA-xv6x-456v-24xh",
  "modified": "2022-12-30T00:58:09Z",
  "published": "2022-12-30T00:58:09Z",
  "aliases": [
    "CVE-2022-46181"
  ],
  "summary": "gotify/server vulnerable to Cross-site Scripting in the application image file upload",
  "details": "### Impact\n\nThe XSS vulnerability allows authenticated users to upload .html files. With that, an attacker could execute client side scripts **if** another user opened a link, such as:\n\n```\nhttps://push.example.org/image/[alphanumeric string].html\n```\n\nAn attacker could potentially take over the account of the user that clicked the link. Keep in mind, the Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a context outside of Gotify.\n\n### Patches\n\nThe vulnerability has been fixed in version 2.2.2.\n\n### Workarounds\n\nYou can block access to non image files via a reverse proxy in the `./image` directory.\n\n### References\n\nhttps://github.com/gotify/server/pull/534\nhttps://github.com/gotify/server/pull/535\n\n---\n\nThanks to rickshang (aka 无在无不在) for discovering and reporting this bug.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/gotify/server"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.2"
            }
          ]
        }
      ],
      "database_specific": {
        "last_known_affected_version_range": "<= 2.2.1"
      }
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46181"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gotify/server/pull/534"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gotify/server/pull/535"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gotify/server"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-30T00:58:09Z",
    "nvd_published_at": "2022-12-29T19:15:00Z"
  }
}