Back to bug 1950479
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2021-04-16 17:35:28 UTC | CC | security-response-team | |
| Pedro Sampaio | 2021-04-16 17:36:25 UTC | Blocks | 1950483 | |
| Pedro Sampaio | 2021-04-16 17:36:46 UTC | Blocks | 1950484 | |
| Hardik Vyas | 2021-04-21 10:44:37 UTC | Blocks | 1950484 | |
| Sage McTaggart | 2021-04-23 20:41:42 UTC | Doc Text | A flaw was found in noobaa. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. | |
| Sage McTaggart | 2021-04-30 20:45:16 UTC | Depends On | 1955812 | |
| Guilherme de Almeida Suckevicz | 2021-04-30 20:47:46 UTC | Summary | EMBARGOED nooba: Cross-site scripting vulnerability with nooba management URL | EMBARGOED CVE-2021-3529 nooba: Cross-site scripting vulnerability with nooba management URL |
| Alias | CVE-2021-3529 | |||
| Guilherme de Almeida Suckevicz | 2021-04-30 20:48:26 UTC | Blocks | 1955816 | |
| Sage McTaggart | 2021-05-07 20:54:06 UTC | Group | security, qe_staff | |
| Summary | EMBARGOED CVE-2021-3529 nooba: Cross-site scripting vulnerability with nooba management URL | CVE-2021-3529 noobaa: Cross-site scripting vulnerability with nooba management URL | ||
| Sage McTaggart | 2021-05-07 20:56:30 UTC | Comment | 0 | updated |
| Sage McTaggart | 2021-05-07 20:56:33 UTC | CC | amctagga | |
| Sage McTaggart | 2021-05-07 21:01:01 UTC | Depends On | 1943388 | |
| Sage McTaggart | 2021-05-07 21:18:43 UTC | Comment | 0 | updated |
| Sage McTaggart | 2021-05-07 21:18:46 UTC | Depends On | 1943388 | |
| Sage McTaggart | 2021-05-11 19:39:45 UTC | Summary | CVE-2021-3529 noobaa: Cross-site scripting vulnerability with nooba management URL | CVE-2021-3529 noobaa: Cross-site scripting vulnerability with noobaa management URL |
| Sage McTaggart | 2021-05-11 19:40:51 UTC | Doc Text | A flaw was found in noobaa. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. | A flaw was found in noobaa-core. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. |
| Summary | CVE-2021-3529 noobaa: Cross-site scripting vulnerability with noobaa management URL | CVE-2021-3529 noobaa-core: Cross-site scripting vulnerability with noobaa management URL | ||
| Sage McTaggart | 2021-05-25 18:27:43 UTC | CC | etamir, nbecker, ocs-bugs | |
| Sage McTaggart | 2021-05-25 18:30:05 UTC | Depends On | 1943388 | |
| Sage McTaggart | 2021-05-25 18:31:35 UTC | Depends On | 1955812 | |
| Sage McTaggart | 2021-05-27 19:12:56 UTC | Fixed In Version | noobaa 5.7.0 | |
| RaTasha Tillery-Smith | 2021-06-15 15:03:39 UTC | Doc Text | A flaw was found in noobaa-core. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. | A flaw was found in noobaa-core. This flaw results in the name of an arbitrary URL copied into an HTML document as plain text between tags, including a potential payload script. The input is echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is to confidentiality, integrity, as well as system availability. |
| Red Hat Bugzilla | 2023-01-01 05:32:20 UTC | CC | amctagga | |
| Red Hat Bugzilla | 2023-01-31 22:27:07 UTC | CC | nbecker | |
| Red Hat Bugzilla | 2023-01-31 22:27:42 UTC | CC | etamir | |
| Red Hat Bugzilla | 2023-07-07 08:32:56 UTC | Assignee | security-response-team | nobody |
| CC | security-response-team | |||
| Red Hat Bugzilla | 2023-08-03 08:28:42 UTC | CC | ocs-bugs |
Back to bug 1950479