Bug 1950275 (CVE-2020-25864)

Summary: CVE-2020-25864 consul: specially crafted KV entry could be used to perform a XSS attack
Product: [Other] Security Response
Reporter: Marian Rehak <mrehak>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: aileenc, alegrand, alitke, anpicker, aos-bugs, bbennett, bmontgom, chazlett, cnv-qe-bugs, drieden, eparis, erooth, fdeutsch, ggaughan, gghezzo, gmalinko, gparvin, janstey, jburrell, jhrozek, jochrist, jokerman, josorior, jramanat, jweiser, jwendell, jwon, kakkoyun, kconner, krizza, lcosic, mrogers, nstielau, pdhamdhe, pkrupa, rcernich, sbatsche, sejug, shardy, sponnaga, stcannon, stirabos, surbania, team-winc, thee, twalsh, xiyuan
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: consul 1.10.0-beta1, consul 1.9.5, consul 1.8.10, consul 1.7.14
Doc Text:
In consul, a specially crafted KV (key/value store) entry could be used by an attacker to perform a XSS (Cross Site Scripting) attack when viewed in the raw mode.
Last Closed: 2021-05-27 17:32:08 UTC
Bug Blocks: 1950276    

Description Marian Rehak 2021-04-16 09:43:49 UTC
A specially crafted KV entry could be used to perform a XSS attack when viewed in the raw mode.

Upstream Reference:

https://github.com/hashicorp/consul/pull/10023

Comment 1 Przemyslaw Roguski 2021-04-16 12:35:34 UTC
I'm changing the flaw severity from Important to Moderate because this vulnerability doesn't classify for higher severity than Moderate.

Comment 2 Przemyslaw Roguski 2021-04-16 12:53:10 UTC
External References:

https://github.com/hashicorp/consul/pull/10023

Comment 4 Przemyslaw Roguski 2021-04-19 14:16:26 UTC
A successful exploit requires a specially crafted entry in the KV Consul store (key/value store), which when viewed in RAW mode could be used to perform a XSS attack. This requires some knowledge about the environment from a potential attacker.
This should be considered a Moderate impact flaw.

Comment 5 Stoyan Nikolov 2021-05-03 11:50:38 UTC
Statement:

OpenShift Container Platform (OCP) and OpenShift Service Mesh (OSSM) components ship only the consul api, which could be used for connection to the consul service mesh solution, and are therefore not affected by this flaw.

Some OpenShift Virtualization components reference consul in go.sum files; however, none of the projects or container images depend on or ship consul, and they are therefore not affected by this flaw.

Comment 7 Product Security DevOps Team 2021-05-27 17:32:08 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25864