Bug 1285728 - (CVE-2015-7518) CVE-2015-7518 foreman: Stored XSS vulnerability in smart class parameters/variables
CVE-2015-7518 foreman: Stored XSS vulnerability in smart class parameters/var...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20151126,repor...
: Security
Depends On: 1297040
Blocks: 1285735
  Show dependency treegraph
 
Reported: 2015-11-26 05:56 EST by Adam Mariš
Modified: 2016-04-26 18:17 EDT (History)
24 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-02-15 13:05:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Mariš 2015-11-26 05:56:25 EST
A stored XSS vulnerability was found in smart class parameters and variables that are displayed on the edit pages for hosts and groups. The values for fields can be set by any userwith granted permission to edit those parameters or variables. These fields can store any value which is shown unescaped on the edit pages, leading to a stored XSS vulnerability.

Upstream bug:

http://projects.theforeman.org/issues/12611
Comment 1 Adam Mariš 2015-12-10 09:42:54 EST
Upstream patch:

https://github.com/theforeman/foreman/commit/32468bce938067b1bbde1c20257
Comment 3 errata-xmlrpc 2016-02-15 10:52:10 EST
This issue has been addressed in the following products:

  Red Hat Satellite 6.1

Via RHSA-2016:0174 https://access.redhat.com/errata/RHSA-2016:0174

Note You need to log in before you can comment on or make changes to this bug.