Proof of Concept (PoC) for CVE-2024-49379 This repository contains a Python-based Proof of Concept (PoC) for a critical vulnerability identified in UmbrelOS. The vulnerability allows for Cross-Site Scripting (XSS), which can escalate to Remote Code Execution (RCE) under specific conditions. Overview CVE: CVE-2024-49379 Severity: Critical Vulnerability Type: Cross-Site Scripting (XSS) leading to Remote Code Execution (RCE) Affected Software: UmbrelOS versions prior to 1.2.2 Discoverer: Peter Stöckli (@p-) and the GitHub Security Lab team The issue was identified in the login functionality, specifically in how the redirect query parameter is handled. A malicious payload can be injected, allowing unauthorized JavaScript execution in the context of a user's session. Details The vulnerability exists due to improper input validation and unchecked flows from the redirect query parameter into sensitive browser sink functions, such as window.location.href. This flaw permits an attacker to inject arbitrary JavaScript into a victim's session. Under certain conditions, this can be escalated to server-side command execution via the Umbrel terminal WebSocket interface. Key Exploitation Vector: A victim is tricked into accessing a malicious link containing the crafted payload in the redirect parameter. The payload executes upon login, enabling the attacker to access sensitive session data or perform further actions. Proof of Concept (PoC) This repository includes a Python script…Read More