Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1181472 - (CVE-2015-0284) CVE-2015-0284 Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)
CVE-2015-0284 Red Hat Satellite: stored XSS in user details fields (incomplet...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20150303,repor...
: Security
: CVE-2016-2144 (view as bug list)
Depends On: 1181152 1314906
Blocks: 1181470 1305684
  Show dependency treegraph
 
Reported: 2015-01-13 04:26 EST by Vasyl Kaigorodov
Modified: 2016-04-04 13:02 EDT (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A cross-site scripting (XSS) flaw was found in how XML data was handled in Red Hat Satellite. A user able to use the XMLRPC API could exploit this flaw to perform XSS attacks against other Satellite users.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-04-04 13:02:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0590 normal SHIPPED_LIVE Moderate: spacewalk-java security update 2016-04-04 15:35:36 EDT

  None (edit)
Description Vasyl Kaigorodov 2015-01-13 04:26:29 EST 
Jan Hutař reports:

There is stored XSS vulnerability in user details field in Satellite server, they can be exploited by using the XMLRPC API to send XML data containing malformed data.
Comment 3 Kurt Seifried 2016-03-08 11:34:09 EST 
*** Bug 1315398 has been marked as a duplicate of this bug. ***
Comment 4 Kurt Seifried 2016-03-08 11:37:14 EST 
External reference:
spacewalk git dd418384171473c3e31386a1b4792f8c555dc744
spacewalk git f3792c79c1c251a49cc4e382be8591636326a794
Comment 5 Kurt Seifried 2016-03-17 12:25:45 EDT 
Acknowledgments:

Name: Jan Hutař (Red Hat)
Comment 6 errata-xmlrpc 2016-04-04 11:36:39 EDT 
This issue has been addressed in the following products:

  Red Hat Satellite 5.7

Via RHSA-2016:0590 https://rhn.redhat.com/errata/RHSA-2016-0590.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.