Bug 2076794 (CVE-2022-1414)

Summary: CVE-2022-1414 3scale-system: script injection in multiple endpoints
Product: [Other] Security Response
Reporter: Chess Hazlett <chazlett>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: amackenz, amasferr, chazlett, tjochec
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 2057985

Description Chess Hazlett 2022-04-19 20:33:10 UTC
3scale does not perform adequate sanitization for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.

Comment 3 amackenz 2022-05-11 13:23:51 UTC
Are JIRAs always/sometimes created to correspond to bugzilla CVE issues?

I see many, but I don't know the rule and if I can "trust" it, and that this one will be in JIRA.
It does sound similar to other CVEs I have seen in JIRA.

Comment 6 Chess Hazlett 2023-02-01 17:52:19 UTC
*** Bug 2022860 has been marked as a duplicate of this bug. ***