CVE-2023-36474: 
NixOS vulnerability analysis and mitigation

Interactsh, an open-source tool for detecting out-of-band interactions, contained a subdomain takeover vulnerability in versions prior to 1.0.0 (CVE-2023-36474). The vulnerability was discovered in December 2021 and affected self-hosted Interactsh servers where CNAME entries for the 'app' subdomain were automatically created pointing to projectdiscovery.github.io by default (GitHub Advisory).

The vulnerability stemmed from the default configuration where Interactsh server would create CNAME entries for 'app.{domain}' pointing to projectdiscovery.github.io, intended for hosting the interactsh web client using GitHub pages. This misconfiguration occurred even when users had not configured a web client, making their subdomains vulnerable to takeover. The issue received a CVSS v3.1 base score of 6.1 MEDIUM from NVD and 8.2 HIGH from GitHub (NVD).

The vulnerability allowed attackers to host and execute arbitrary client-side code (cross-site scripting) in users' browsers when accessing the vulnerable subdomain. This could potentially lead to credential theft, cookie stealing, and damage to business credibility (Detectify Labs).

The vulnerability was fixed in Interactsh version 1.0.0 by making the CNAME entry optional rather than default. Users can update to the patched version using the command 'go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest'. The fix introduced a new flag (-app-cname) to control the CNAME behavior, which is disabled by default (GitHub PR).