PT-2018-13777 · Red Hat+1 · Foreman+1

Publicado

2018-12-07

Atualizado

2019-05-14

CVE-2018-16861

CVSS v3.1

7.6

Alta

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Foreman versions prior to 1.18.3 Foreman versions prior to 1.19.1 Foreman versions prior to 1.20.0

Description A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users.

Recommendations For Foreman versions prior to 1.18.3, update to version 1.18.3 or later. For Foreman versions prior to 1.19.1, update to version 1.19.1 or later. For Foreman versions prior to 1.20.0, update to version 1.20.0 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2019-1386

CVE-2018-16861

RHSA-2019:1222

Produtos afetados

Alt Linux

Foreman

PT-2018-13777 · Red Hat+1 · Foreman+1

CVE-2018-16861

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7