CVE-2023-5562 in KNIME Analytics Platform

Summary

by MITRE • 10/25/2023

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub, several JavaScript-based view nodes do not sanitize the data they display by default. If the data to be displayed contains JavaScript, this code is executed in the browser and can silently perform any operations that the current user is allowed to perform.

KNIME Analytics Platform already has configuration options with which sanitization of data can be activated, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal . However, these are off by default, which allows for cross-site scripting attacks.

KNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor's knime.ini.


Analysis

by VulDB Data Team • 10/25/2023

The vulnerability described in CVE-2023-5562 is a critical cross-site scripting flaw in the KNIME Analytics Platform affecting versions prior to 5.2.0. It arises from an unsafe default configuration that does not sanitize data displayed in JavaScript-based view nodes. It specifically affects environments where KNIME Analytics Platform operates as an executor for KNIME Server or KNIME Business Hub, creating a significant attack surface for anyone who can get unsanitized data in front of other users.

Technically, the flaw stems from the platform's default behaviour of rendering raw data without any sanitization step. When JavaScript-based view nodes render data, they neither strip nor encode script content that may be present in it, so markup embedded in a data set is executed in the browser context of the legitimate user viewing the node. The flaw sits at the web application level and is classified as CWE-79, Improper Neutralization of Input During Web Page Generation, which covers the failure to sanitize untrusted data before incorporating it into a web page.

The operational impact goes beyond corrupted or misrendered output. Because the injected JavaScript executes with the privileges of the current user, an attacker can perform any operation that user is authorized to perform, potentially leading to data exfiltration, privilege escalation, or further exploitation within the platform. The risk is particularly severe in enterprise environments where KNIME Analytics Platform processes and analyses sensitive data. The vulnerability affects the web portal administration functionality and is a significant concern for organizations relying on KNIME for business intelligence and analytics workloads.

Security practitioners should note that KNIME already provides explicit configuration options for this issue through the HTML sanitization features documented in its official administration guide. In older versions, however, these settings are disabled by default, leaving deployments exposed unless an administrator has configured them manually. Remediation consists of enabling the HTML sanitization settings in the executor's knime.ini configuration file; release 5.2.0 addresses the issue by making sanitization active by default. Organizations should maintain a configuration management process that verifies every KNIME executor enforces data sanitization, in line with the ATT&CK technique T1059.007 (Command and Scripting Interpreter: JavaScript), which this flaw maps to and which underlines why inputs must be validated and sanitized before they can reach a script interpreter.
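The following is an added illustration, not KNIME's code: it contrasts a table view that concatenates cell values into markup as the unsafe default does (the summary and analysis above) with one that escapes each cell first, and includes a small check a defender can run over rendered output to spot unescaped active content. The sample rows are constructed; the function names are mine.

```javascript
// Added example (not KNIME's code). Runs in Node without a DOM: the
// "rendered" value is the HTML string a browser would parse.

// Constructed sample table: the last row carries markup inside a cell.
const SAMPLE_ROWS = [
  ["customer", "note"],
  ["acme", "on time"],
  ["evil corp", '<script>alert("xss")</script>'],
];

// Entity-encode the characters that can break out of text context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Unsafe default: cell content is inserted into the markup untouched, so a
// cell containing <script> becomes executable once the browser parses it.
function renderTableUnsafe(rows) {
  const body = rows
    .map((row) => "<tr>" + row.map((cell) => `<td>${cell}</td>`).join("") + "</tr>")
    .join("");
  return `<table>${body}</table>`;
}

// Hardened form: every cell is escaped, so the same input is shown as text.
function renderTableSafe(rows) {
  const body = rows
    .map((row) => "<tr>" + row.map((cell) => `<td>${escapeHtml(cell)}</td>`).join("") + "</tr>")
    .join("");
  return `<table>${body}</table>`;
}

// Defender's check: does rendered output contain markup that would run script
// when parsed? A heuristic covering three common patterns (script tags,
// on* event handler attributes, javascript: URLs); useful for catching
// unescaped output in tests or logs, not a replacement for escaping.
function containsActiveContent(html) {
  return /<script\b|\son[a-z]+\s*=|javascript:/i.test(html);
}

// Stand-alone run: the unsafe renderer is flagged, the safe one is not.
console.log("unsafe flagged:", containsActiveContent(renderTableUnsafe(SAMPLE_ROWS)));
console.log("safe flagged:  ", containsActiveContent(renderTableSafe(SAMPLE_ROWS)));
```

The same escaping rule applies to any view node that builds markup from data; the check is only a smoke test for output you already expect to be escaped.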

Responsible

KNIME AG

Reservation

10/12/2023

Disclosure

10/25/2023

Moderation

accepted

CPE

ready

EPSS

0.00311

KEV

no

Activities

very low

Sources
