Bug 1172934 (CVE-2014-7812) - CVE-2014-7812 Red Hat Satellite, Spacewalk: XSS in system-group
Summary: CVE-2014-7812 Red Hat Satellite, Spacewalk: XSS in system-group
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-7812
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Jan Hutař
URL:
Whiteboard:
Depends On: 1156307
Blocks: 1144629
Reported: 2014-12-11 06:27 UTC by Kurt Seifried
Modified: 2023-05-12 16:25 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-01-12 18:08:59 UTC
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2015:0033 | 0 | normal | SHIPPED_LIVE | Moderate: Red Hat Satellite 5.7.0 General Availability | 2015-01-13 22:23:58 UTC

Description Kurt Seifried 2014-12-11 06:27:10 UTC
Mickaël Gallier reports:

There are several stored XSS vulnerabilities in various fields in Satellite
server; they can be exploited by using the REST API to send XML data
containing malformed data.

One of these is in the system-group handling. Please see CVE-2014-7811 for
the other vulnerabilities.

Comment 2 Kurt Seifried 2015-01-09 17:25:58 UTC
Acknowledgement:

Red Hat would like to thank Mickaël Gallier for reporting this issue.

Comment 6 errata-xmlrpc 2015-01-12 17:12:51 UTC
This issue has been addressed in the following products:

  Red Hat Satellite Server v 5.7

Via RHSA-2015:0033 https://rhn.redhat.com/errata/RHSA-2015-0033.html

Comment 7 errata-xmlrpc 2015-01-13 17:27:14 UTC
This issue has been addressed in the following products:

  Red Hat Satellite Server v 5.7

Via RHSA-2015:0033 https://rhn.redhat.com/errata/RHSA-2015-0033.html

