CVE-2023-3140
Last modified
CVE-2023-3140 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Knime | Business Hub | < 1.4.0 |
References
- https://www.knime.com/security/advisories#CVE-2023-3140Vendor Advisory
- https://www.knime.com/security/advisories#CVE-2023-3140Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-3140?
How severe is CVE-2023-3140?
How do I fix CVE-2023-3140?
Are you affected by CVE-2023-3140?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST