CVE-2023-3140UI Misrepresentation / Clickjacking in Business HUB

CWE-1021UI Misrepresentation / Clickjacking3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 63.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Knime Business HUBKnime Business HUB
Timeline
PublishedJun 7

Description

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDknime/business_hub< 1.4.0
CVEListV5knime/knime_business_hub1.0.01.4.0

🔴Vulnerability Details

2
GHSA
GHSA-vhh4-6mxg-jm86: Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 12023-06-07
CVEList
KNIME Hub Web Application is vulnerable to clickjacking2023-06-07
CVE-2023-3140 — UI Misrepresentation / Clickjacking | cvebase