PT-2024-33538 · Suse · Suse Manager Server Module 4.3+3
Paolo Perego · Published 2024-11-18 · Updated 2024-11-28 · CVE-2024-49502
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
spacewalk-web versions prior to 5.0.15-150600.3.10.2
SUSE Manager Server Module 4.3 versions prior to 4.3.42-150400.3.52.1
Container suse/manager/5.0/x86_64/server versions prior to 5.0.15-150600.3.10.2
Description
A Cross-site Scripting (XSS) vulnerability is present in the Setup Wizard's HTTP Proxy credentials page in spacewalk-web. An attacker can use it against users by getting them to click a specially crafted URL.
Recommendations
For spacewalk-web versions prior to 5.0.15-150600.3.10.2, update to version 5.0.15-150600.3.10.2 or later.
For SUSE Manager Server Module 4.3 versions prior to 4.3.42-150400.3.52.1, update to version 4.3.42-150400.3.52.1 or later.
For Container suse/manager/5.0/x86_64/server versions prior to 5.0.15-150600.3.10.2, update to version 5.0.15-150600.3.10.2 or later.
Fix
XSS
Affected Products
Container Suse/Manager/5.0/X86_64/Server
Suse Manager Server Module 4.3
Suse
Spacewalk-Web