A cross-site scripting (XSS) flaw was found in the Ganglia web interface. If a remote attacker could trick a user, who was logged into the Ganglia web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's Ganglia session. This issue affects the version of ganglia-web as shipped in Fedora. The fix for this issue does not apply to the older versions of ganglia-web as shipped in EPEL, so the EPEL versions are possibly not affected. References: https://github.com/ganglia/ganglia-web/issues/218 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507
Created ganglia tracking bugs for this issue: Affects: fedora-all [bug 1034528] Affects: epel-all [bug 1034529]
CVE request: http://www.openwall.com/lists/oss-security/2013/11/26/4
ganglia-3.6.0-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
ganglia-3.6.0-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
ganglia-3.6.0-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.