Back to bug 1375147
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Martin Prpič | 2016-09-12 09:48:43 UTC | CC | security-response-team | |
| Martin Prpič | 2016-09-12 09:56:14 UTC | Blocks | 1375148 | |
| Dustin Schoenbrun | 2016-09-12 13:30:08 UTC | CC | dschoenb | |
| Tom Barron | 2016-09-13 14:40:28 UTC | CC | eharney | |
| Tom Barron | 2016-09-13 21:27:20 UTC | Status | NEW | ASSIGNED |
| Assignee | security-response-team | tbarron | ||
| Tom Barron | 2016-09-14 14:58:39 UTC | CC | vimartin | |
| Summer Long | 2016-09-14 22:23:42 UTC | Status | ASSIGNED | NEW |
| CC | slong | |||
| Assignee | tbarron | security-response-team | ||
| Summer Long | 2016-09-14 22:47:00 UTC | Depends On | 1376220 | |
| Summer Long | 2016-09-14 22:47:13 UTC | Depends On | 1376221 | |
| Summer Long | 2016-09-14 22:47:29 UTC | Depends On | 1376222 | |
| Summer Long | 2016-09-14 22:47:44 UTC | Depends On | 1376223 | |
| Summer Long | 2016-09-14 23:04:12 UTC | Whiteboard | impact=moderate,public=20160915,reported=20160909,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=4.7/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N,cwe=CWE-79,openstack-7/openstack-manila-ui=affected,openstack-8/openstack-manila-ui=affected,openstack-9/openstack-manila-ui=affected,openstack-10/openstack-manila-ui=affected,openstack-rdo/openstack-manila-ui=affected,fedora-23/openstack-manila-ui=affected | impact=moderate,public=20160915,reported=20160909,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=4.7/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N,cwe=CWE-79,openstack-7/openstack-manila-ui=affected,openstack-8/openstack-manila-ui=affected,openstack-9/openstack-manila-ui=affected,openstack-10/openstack-manila-ui=affected,openstack-rdo/openstack-manila-ui=affected,fedora-23/openstack-manila-ui=affected,fedora-all/openstack-manila-ui=affected |
| Summer Long | 2016-09-14 23:30:04 UTC | Whiteboard | impact=moderate,public=20160915,reported=20160909,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=4.7/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N,cwe=CWE-79,openstack-7/openstack-manila-ui=affected,openstack-8/openstack-manila-ui=affected,openstack-9/openstack-manila-ui=affected,openstack-10/openstack-manila-ui=affected,openstack-rdo/openstack-manila-ui=affected,fedora-23/openstack-manila-ui=affected,fedora-all/openstack-manila-ui=affected | impact=moderate,public=20160915,reported=20160909,source=distros,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cvss3=4.7/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N,cwe=CWE-79,openstack-7/openstack-manila-ui=affected,openstack-8/openstack-manila-ui=affected,openstack-9/openstack-manila-ui=affected,openstack-10/openstack-manila-ui=affected,openstack-rdo/openstack-manila-ui=affected,fedora-23/openstack-manila-ui=affected,fedora-all/openstack-manila-ui=affected |
| Summer Long | 2016-09-14 23:30:11 UTC | Whiteboard | impact=moderate,public=20160915,reported=20160909,source=distros,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cvss3=4.7/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N,cwe=CWE-79,openstack-7/openstack-manila-ui=affected,openstack-8/openstack-manila-ui=affected,openstack-9/openstack-manila-ui=affected,openstack-10/openstack-manila-ui=affected,openstack-rdo/openstack-manila-ui=affected,fedora-23/openstack-manila-ui=affected,fedora-all/openstack-manila-ui=affected | impact=moderate,public=20160915,reported=20160909,source=distros,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cvss3=4.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N,cwe=CWE-79,openstack-7/openstack-manila-ui=affected,openstack-8/openstack-manila-ui=affected,openstack-9/openstack-manila-ui=affected,openstack-10/openstack-manila-ui=affected,openstack-rdo/openstack-manila-ui=affected,fedora-23/openstack-manila-ui=affected,fedora-all/openstack-manila-ui=affected |
| Summer Long | 2016-09-15 00:13:20 UTC | Flags | needinfo?(tbarron) | |
| Tom Barron | 2016-09-15 16:26:54 UTC | Flags | needinfo?(tbarron) | |
| Summer Long | 2016-09-16 03:23:41 UTC | Summary | EMBARGOED CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field | CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field |
| Summer Long | 2016-09-16 03:23:48 UTC | Group | security, qe_staff | |
| Summer Long | 2016-09-16 03:28:02 UTC | Depends On | 1376642 | |
| Summer Long | 2016-09-16 03:28:15 UTC | Depends On | 1376643 | |
| Summer Long | 2016-09-16 03:28:24 UTC | Depends On | 1376644 | |
| Summer Long | 2016-09-22 01:04:44 UTC | Doc Text | A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges. | |
| Summer Long | 2016-09-25 23:52:23 UTC | CC | sparks | |
| Flags | needinfo?(sparks) | |||
| Eric Christensen | 2016-09-26 15:05:03 UTC | Flags | needinfo?(sparks) | |
| Summer Long | 2016-09-30 00:17:29 UTC | Flags | needinfo?(sparks) | |
| Eric Christensen | 2016-09-30 18:13:58 UTC | Flags | needinfo?(sparks) | |
| Eric Christensen | 2016-09-30 18:15:11 UTC | CC | sparks | |
| Summer Long | 2016-12-16 01:57:17 UTC | Whiteboard | impact=moderate,public=20160915,reported=20160909,source=distros,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cvss3=4.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N,cwe=CWE-79,openstack-7/openstack-manila-ui=affected,openstack-8/openstack-manila-ui=affected,openstack-9/openstack-manila-ui=affected,openstack-10/openstack-manila-ui=affected,openstack-rdo/openstack-manila-ui=affected,fedora-23/openstack-manila-ui=affected,fedora-all/openstack-manila-ui=affected | impact=moderate,public=20160915,reported=20160909,source=distros,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cvss3=4.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N,cwe=CWE-79,openstack-7/openstack-manila-ui=affected,openstack-8/openstack-manila-ui=affected,openstack-9/openstack-manila-ui=affected,openstack-10/openstack-manila-ui=notaffected,openstack-rdo/openstack-manila-ui=affected,fedora-23/openstack-manila-ui=affected,fedora-all/openstack-manila-ui=affected |
| Summer Long | 2016-12-16 02:02:40 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-12-15 21:02:40 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:56:12 UTC | Whiteboard | impact=moderate,public=20160915,reported=20160909,source=distros,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cvss3=4.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N,cwe=CWE-79,openstack-7/openstack-manila-ui=affected,openstack-8/openstack-manila-ui=affected,openstack-9/openstack-manila-ui=affected,openstack-10/openstack-manila-ui=notaffected,openstack-rdo/openstack-manila-ui=affected,fedora-23/openstack-manila-ui=affected,fedora-all/openstack-manila-ui=affected |
Back to bug 1375147