CVE-2024-55074
Published: 06 January 2025
Description
The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.
Security Summary
CVE-2024-55074 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting the edit profile function in Grocy through version 4.3.0. It enables attackers to upload crafted HTML or SVG files, which can execute malicious scripts when viewed by other users. This issue is distinct from CVE-2024-8370 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.
An authenticated attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. By uploading a malicious file via the edit profile feature, the attacker triggers stored XSS, which can lead to privilege escalation. This allows the attacker to gain higher-level access within the Grocy application, potentially compromising user data or administrative functions.
Advisories reference a detailed blog post at https://m10x.de/posts/2024/11/all-your-recipe-are-belong-to-us-part-1/3-stored-xss-csrf-and-broken-access-control-vulnerabilities-in-grocy/, which describes this stored XSS alongside related CSRF and broken access control issues in Grocy. Specific patch details are not outlined.
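A defensive pattern for this class of upload flaw, as an added example that is not Grocy code and not the project's fix: accept only raster images identified by their leading bytes, ignore the client's filename, and serve the stored file with headers that keep it inert. The function names, the stored-name scheme and the sample uploads are assumptions made for illustration.

```python
# Added example, not Grocy code: allowlist raster uploads and serve them inertly.
# Function names, the stored-name scheme and the sample bytes are assumptions.

RASTER_TYPES = {
    # MIME type: (server-chosen extension, accepted leading signatures)
    "image/png": (".png", (b"\x89PNG\r\n\x1a\n",)),
    "image/jpeg": (".jpg", (b"\xff\xd8\xff",)),
    "image/gif": (".gif", (b"GIF87a", b"GIF89a")),
}


def sniff_raster_type(data):
    """Return the MIME type whose signature the content starts with, else None."""
    for mime, (_ext, signatures) in RASTER_TYPES.items():
        if data.startswith(signatures):
            return mime
    return None


def accept_profile_picture(client_filename, data, user_id):
    """Return (stored_name, response_headers) or raise ValueError.

    The client's filename and Content-Type are ignored: the decision is made
    on the bytes, and the stored name is generated by the server.
    """
    mime = sniff_raster_type(data)
    if mime is None:
        raise ValueError(f"rejected {client_filename!r}: not PNG, JPEG or GIF")
    stored_name = f"profile-{int(user_id)}{RASTER_TYPES[mime][0]}"
    headers = {
        "Content-Type": mime,                  # derived from the bytes
        "X-Content-Type-Options": "nosniff",   # browser must not re-sniff as HTML
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    return stored_name, headers


def is_rejected(client_filename, data):
    """True when the upload is refused by accept_profile_picture."""
    try:
        accept_profile_picture(client_filename, data, 1)
    except ValueError:
        return True
    return False


# Constructed sample uploads with inert script bodies.
SVG_UPLOAD = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* js */</script></svg>'
HTML_UPLOAD = b"<!doctype html><script>/* js */</script>"
PNG_UPLOAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
POLYGLOT_UPLOAD = b"GIF89a<script>/* js */</script>"  # image header, markup body
```

The polyglot sample passes the signature check, which is why the response headers matter: it is stored as `.gif` and served as `image/gif` with `nosniff`, so a browser does not render its body as markup.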
Details
- CWE(s)