{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41127", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-15T15:53:28.323Z", "datePublished": "2024-08-02T14:46:21.941Z", "dateUpdated": "2024-08-02T16:52:08.440Z"}, "containers": {"cna": {"title": "Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-wcjf-5464-4wq9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-wcjf-5464-4wq9"}, {"name": "https://github.com/monkeytypegame/monkeytype/commit/29627fd0d5f152e2da59671987090ea0a5c29874", "tags": ["x_refsource_MISC"], "url": "https://github.com/monkeytypegame/monkeytype/commit/29627fd0d5f152e2da59671987090ea0a5c29874"}, {"name": "https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype", "tags": ["x_refsource_MISC"], "url": "https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype"}], "affected": [{"vendor": "monkeytypegame", "product": "monkeytype", "versions": [{"version": "< 24.30.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-08-02T14:46:21.941Z"}, "descriptions": [{"lang": "en", "value": "Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the Monkey CI workflow completes. When it runs, it will download an artifact uploaded by the triggering workflow and assign the contents of ./pr_num/pr_num.txt artifact to the steps.pr_num_reader.outputs.content WorkFlow variable. It is not validated that the variable is actually a number and later it is interpolated into a JS script allowing an attacker to change the code to be executed. This issue leads to pull-requests write access. This vulnerability is fixed in 24.30.0."}], "source": {"advisory": "GHSA-wcjf-5464-4wq9", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "monkeytype", "product": "monkeytype", "cpes": ["cpe:2.3:a:monkeytype:monkeytype:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "24.30.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T16:48:39.585270Z", "id": "CVE-2024-41127", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T16:52:08.440Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41127", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-15T15:53:28.323Z", "datePublished": "2024-08-02T14:46:21.941Z", "dateUpdated": "2024-08-02T16:52:08.440Z"}, "containers": {"cna": {"title": "Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-wcjf-5464-4wq9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-wcjf-5464-4wq9"}, {"name": "https://github.com/monkeytypegame/monkeytype/commit/29627fd0d5f152e2da59671987090ea0a5c29874", "tags": ["x_refsource_MISC"], "url": "https://github.com/monkeytypegame/monkeytype/commit/29627fd0d5f152e2da59671987090ea0a5c29874"}, {"name": "https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype", "tags": ["x_refsource_MISC"], "url": "https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype"}], "affected": [{"vendor": "monkeytypegame", "product": "monkeytype", "versions": [{"version": "< 24.30.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-08-02T14:46:21.941Z"}, "descriptions": [{"lang": "en", "value": "Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the Monkey CI workflow completes. When it runs, it will download an artifact uploaded by the triggering workflow and assign the contents of ./pr_num/pr_num.txt artifact to the steps.pr_num_reader.outputs.content WorkFlow variable. It is not validated that the variable is actually a number and later it is interpolated into a JS script allowing an attacker to change the code to be executed. This issue leads to pull-requests write access. This vulnerability is fixed in 24.30.0."}], "source": {"advisory": "GHSA-wcjf-5464-4wq9", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41127", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-02T16:48:39.585270Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:monkeytype:monkeytype:*:*:*:*:*:*:*:*"], "vendor": "monkeytype", "product": "monkeytype", "versions": [{"status": "affected", "version": "0", "lessThan": "24.30.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T16:52:04.068Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:monkeytype:monkeytype:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D09169A-F904-4F72-9084-912E77340CA1", "versionEndExcluding": "24.30.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the Monkey CI workflow completes. When it runs, it will download an artifact uploaded by the triggering workflow and assign the contents of ./pr_num/pr_num.txt artifact to the steps.pr_num_reader.outputs.content WorkFlow variable. It is not validated that the variable is actually a number and later it is interpolated into a JS script allowing an attacker to change the code to be executed. This issue leads to pull-requests write access. This vulnerability is fixed in 24.30.0."}, {"lang": "es", "value": "Monkeytype es una prueba de mecanograf\u00eda minimalista y personalizable. Monkeytype es vulnerable a la ejecuci\u00f3n de canalizaci\u00f3n envenenada mediante inyecci\u00f3n de c\u00f3digo en su flujo de trabajo de GitHub ci-failure-comment.yml, lo que permite a los atacantes obtener acceso de escritura a solicitudes de extracci\u00f3n. El flujo de trabajo ci-failure-comment.yml se activa cuando se completa el flujo de trabajo de Monkey CI. Cuando se ejecute, descargar\u00e1 un artefacto cargado por el flujo de trabajo desencadenante y asignar\u00e1 el contenido del artefacto ./pr_num/pr_num.txt a la variable de flujo de trabajo steps.pr_num_reader.outputs.content. No se valida que la variable sea en realidad un n\u00famero y luego se interpola en un script JS que permite a un atacante cambiar el c\u00f3digo a ejecutar. Este problema conduce al acceso de escritura de las solicitudes de extracci\u00f3n. Esta vulnerabilidad se solucion\u00f3 en 24.30.0."}], "id": "CVE-2024-41127", "lastModified": "2024-09-11T14:52:15.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-08-02T15:16:36.503", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/monkeytypegame/monkeytype/commit/29627fd0d5f152e2da59671987090ea0a5c29874"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-wcjf-5464-4wq9"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}