Bug 1285728 (CVE-2015-7518) - CVE-2015-7518 foreman: Stored XSS vulnerability in smart class parameters/variables
Summary: CVE-2015-7518 foreman: Stored XSS vulnerability in smart class parameters/var...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-7518
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1297040
Blocks: 1285735
TreeView+ depends on / blocked
 
Reported: 2015-11-26 10:56 UTC by Adam Mariš
Modified: 2019-09-29 13:40 UTC (History)
24 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data.
Clone Of:
Environment:
Last Closed: 2016-02-15 18:05:08 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0174 0 normal SHIPPED_LIVE Moderate: Satellite 6.1.7 security, bug and enhancement fix update 2016-02-15 20:50:32 UTC

Description Adam Mariš 2015-11-26 10:56:25 UTC
A stored XSS vulnerability was found in smart class parameters and variables that are displayed on the edit pages for hosts and groups. The values for fields can be set by any userwith granted permission to edit those parameters or variables. These fields can store any value which is shown unescaped on the edit pages, leading to a stored XSS vulnerability.

Upstream bug:

http://projects.theforeman.org/issues/12611

Comment 1 Adam Mariš 2015-12-10 14:42:54 UTC
Upstream patch:

https://github.com/theforeman/foreman/commit/32468bce938067b1bbde1c20257

Comment 3 errata-xmlrpc 2016-02-15 15:52:10 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.1

Via RHSA-2016:0174 https://access.redhat.com/errata/RHSA-2016:0174


Note You need to log in before you can comment on or make changes to this bug.