PT-2022-21074 · Red Hat · Red Hat Ansible Automation Platform
Oleg Sushchenko +1 · Published 2022-09-13 · Updated 2023-02-12
CVE-2022-3205
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat Ansible Automation Platform versions 1.2 through 2.0
Description
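The automation controller UI is affected by a cross-site scripting (XSS) issue: the project name is susceptible to XSS injection. Per the CVSS vector above, the issue is reachable over the network without privileges but requires user interaction, and the impact on confidentiality and integrity is low.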
Recommendations
For Red Hat Ansible Automation Platform versions 1.2 through 2.0, consider sanitizing user input for project names to prevent XSS injection until a patch is available. As a temporary workaround, restrict the ability to create or edit project names to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Ansible Automation Platform