5.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
Foreman: stored cross-site scripting in host tab
A stored cross-site scripting vulnerability was found in Foreman. The Comment section in the Hosts tab filters user input incorrectly. As a result, an attacker with an existing account on the system can steal another user's session, make requests on behalf of that user, and obtain the user's credentials.
References
- RHSA-2023:3387 vendor-advisory x_refsource_REDHAT
- RHSA-2023:6818 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2023-0119 x_refsource_REDHAT vdb-entry
- RHBZ#2159104 issue-tracking x_refsource_REDHAT
- https://projects.theforeman.org/issues/35977
Affected products
- ==3.5.1.16
- ==3.4.2
- ==3.5.2
- *
- ==3.6.0
Package maintainers
- @zimbatm zimbatm <zimbatm@zimbatm.com>