Bug 2244345 (CVE-2023-5590)
| Summary: | CVE-2023-5590 selenium: potential null pointer access in CookieManager | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aileenc, asoldano, ataylor, bbaranow, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, cmiranda, darran.lofthouse, dhanak, dkreling, dosoudil, drichtar, eric.wittmann, fjuma, fmongiar, gmalinko, ibek, ivassile, iweiss, janstey, jnethert, jrokos, jross, kverlaen, lgao, mnovotny, mosmerov, msochure, mstefank, msvehla, mulliken, nwallace, pantinor, pcongius, pdelbell, pdrozd, peholase, pjindal, pmackay, pskopek, rguimara, rkieley, rowaters, rstancel, smaestri, sthorger, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selenium 4.14.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A null pointer dereference flaw was found in Selenium IEDriver. This issue causes the driver to crash when selenium gets the cookies from an attacker controlled page, which could leave the application unavailable.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2244347 | ||
|
Description
Avinash Hanwate
2023-10-16 04:29:42 UTC
|