Bug 1320942 (CVE-2016-3080)
| Summary: | CVE-2016-3080 spacewalk-monitoring: XSS issue in monitoring probe | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bkearney, meissner, security-response-team, taw, thomas, tkasparek, tlestach |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed monitoring probes. An attacker can embed HTML and Javascript in the values for RHNMD User or Filesystem parameters in Satellite, allowing them to inject malicious content into the web page that is then displayed with that probe data.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-07-26 09:26:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1320461 | ||
| Bug Blocks: | 1320949 | ||
|
Description
Adam Mariš
2016-03-24 10:39:25 UTC
Acknowledgments: Name: Jan Hutař (Red Hat) This issue has been addressed in the following products: Red Hat Satellite 5.7 Via RHSA-2016:1484 https://rhn.redhat.com/errata/RHSA-2016-1484.html |