Bug 1809444 (CVE-2023-1932)
Summary: | CVE-2023-1932 hibernate-validator: rendering of invalid html with SafeHTML leads to HTML injection and XSS | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | (CC list omitted) |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | hibernate-validator 6.2, hibernate-validator 7.0 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render the invalid HTML, allowing HTML injection or Cross-Site Scripting (XSS) attacks. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1817514 | | |
Bug Blocks: | 1809442 | | |
Description (Dhananjay Arunesh, 2020-03-03 07:07:53 UTC):

Statement: hibernate-validator is packaged with Red Hat OpenStack Platform 13.0's OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time. Supported versions of Satellite 6 embed vulnerable versions of hibernate-validator inside the candlepin component. However, the vulnerable functionality, SafeHtmlValidator, is not in use and therefore it is not possible to exploit it.