A flaw was found in the recoveryID search field on the KRA's DRM agent page, in the authorize recovery tab. This user input is not being sanitized, and therefore it is vulnerable to reflected XSS.
Acknowledgments: Name: Pritam Singh (Red Hat)
Statement: This vulnerability is rated Low: the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.
Created pki-core tracking bugs for this issue: Affects: fedora-all [bug 1797689]
Do you know if this was reported in the upstream issue tracker and there is a fix?
Upstream is aware. There is currently no fix. However, the security consequences are very limited, e.g. thanks to the web UI using client-side TLS authentication, stealing a cookie will not be of much use to the attacker. At the moment, the only concern is defacing. If/when there is a fix upstream, it will be posted on this bug tracker. I hope this helps!
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10179
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4847 https://access.redhat.com/errata/RHSA-2020:4847
Fixed by 8884b4344225bd6656876d9e2a58b3268e9a899b and a93a65be0b1bcf94e004ba59c6a0c8a2c086936f upstream.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:0819 https://access.redhat.com/errata/RHSA-2021:0819
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0851 https://access.redhat.com/errata/RHSA-2021:0851
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:0975 https://access.redhat.com/errata/RHSA-2021:0975