Osmedeus, a popular workflow engine used in offensive security, is impacted by a critical Cross-Site Scripting (XSS) vulnerability (CVE-2024-51735).
When users view results generated by workflows that include the “summary” module, improperly sanitized HTML and Markdown content can lead to XSS, potentially escalating to remote command execution on the host server.
Vulnerability Details:
- CVE ID: CVE-2024-51735
- CVSS v4 Score: 8.7 (High)
- Severity Level: High
- Impact: Allows unauthenticated attackers to execute arbitrary commands on the host, leading to possible data compromise and system control.
- Affected Versions: ≤ 4.6.4
- Patched Version: None available as of today
The vulnerability exists due to improper filtering of input in Osmedeus’ report generation process, allowing XSS that escalates to RCE.
Exploitation steps:
- Using a workflow with a summary module, malicious code can be injected into the Spider Content section of the report because special characters in that content are not adequately filtered.
- When processed, the injected payload triggers XSS, which escalates to RCE.
A simple XSS payload, such as <script>alert(1)</script>, can be embedded in report content fields to prove that the application is vulnerable to executing unauthorized JavaScript.
For a full breakdown, read the GitHub Security Advisory.
Risk Assessment:
Given the high CVSS score and the potential for unauthorized server control, this vulnerability poses a significant risk to organizations using Osmedeus, especially in environments where sensitive data is processed or stored.
Mitigation Steps:
No official patch exists yet. Users are advised to add custom filtering measures or contact the developer to expedite patch creation.
As an interim solution, users should restrict access to the Osmedeus web server and implement strong input validation on all HTML and Markdown files.
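To make the report-rendering flaw and its fix concrete, the following Go example (added here; not Osmedeus code) renders a hypothetical "Spider Content" field into an HTML report table twice: once with text/template, which passes markup through unchanged (the unsanitized pattern the advisory describes), and once with html/template, whose context-aware escaping turns the probe payload into inert text. The SpiderResult type, the template string, and the sample values are constructed for this illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	texttemplate "text/template"
)

// Hypothetical report row. Content is scraped from third-party pages,
// so it must be treated as attacker-controlled when the report is built.
type SpiderResult struct {
	URL     string
	Content string
}

// The same template is used by both renderers; only the engine differs.
const reportTmpl = `<tr><td>{{.URL}}</td><td>{{.Content}}</td></tr>`

// renderUnsafe mirrors the flawed pattern: text/template performs no
// escaping, so raw HTML in Content lands in the page as live markup.
func renderUnsafe(r SpiderResult) string {
	t := texttemplate.Must(texttemplate.New("unsafe").Parse(reportTmpl))
	var buf bytes.Buffer
	_ = t.Execute(&buf, r)
	return buf.String()
}

// renderSafe uses html/template, which escapes each value for the HTML
// context it is inserted into (here, element text), so "<" and ">"
// become "&lt;" and "&gt;" and no script element is created.
func renderSafe(r SpiderResult) string {
	t := template.Must(template.New("safe").Parse(reportTmpl))
	var buf bytes.Buffer
	_ = t.Execute(&buf, r)
	return buf.String()
}

func main() {
	// Constructed sample using the probe payload quoted in the advisory.
	r := SpiderResult{URL: "https://example.com/", Content: "<script>alert(1)</script>"}
	fmt.Println("unsafe:", renderUnsafe(r))
	fmt.Println("safe:  ", renderSafe(r))
}
```

If report fields are rendered from Markdown rather than plain text, the HTML produced by the Markdown converter still has to be sanitized (allow-listed tags and attributes) before it is inserted, since escaping it at that point would also hide legitimate formatting.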
Recommendation:
Clients using Osmedeus should monitor access to their server and implement additional security controls to limit exposure.
For more assistance, please reach out to OP Innovate’s incident response team for guidance and support in mitigating this vulnerability.