Bug 1765660 (CVE-2017-18635) - CVE-2017-18635 novnc: XSS vulnerability via the messages propagated to the status field
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-18635
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1765663 1765661 1765662 1767695 1767696 1767697 1788343
Blocks: 1765669
 
Reported: 2019-10-25 16:48 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-03-24 15:47 UTC (History)

Fixed In Version: novnc 0.6.2
Doc Type: If docs needed, set a value
Doc Text:
An XSS vulnerability was discovered in noVNC in which arbitrary HTML could be injected into the noVNC web page. An attacker with access to a VNC server could use target host values in a crafted URL to gain access to secure information (such as VM tokens).
Clone Of:
Environment:
Last Closed: 2020-03-10 16:31:49 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:0754 0 None None None 2020-03-10 11:21:30 UTC
Red Hat Product Errata RHSA-2020:3247 0 None None None 2020-08-04 13:15:39 UTC

Description Guilherme de Almeida Suckevicz 2019-10-25 16:48:42 UTC
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

Reference:
https://github.com/novnc/noVNC/issues/748

Upstream commit:
https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534

Comment 1 Guilherme de Almeida Suckevicz 2019-10-25 16:49:00 UTC
Created novnc tracking bugs for this issue:

Affects: epel-all [bug 1765662]
Affects: fedora-all [bug 1765661]
Affects: openstack-rdo [bug 1765663]

Comment 3 Summer Long 2019-11-01 05:03:16 UTC
External References:

https://github.com/novnc/noVNC/releases/tag/v0.6.2

Comment 5 Summer Long 2019-11-01 05:48:37 UTC
Mitigation:

There is no known mitigation for this issue; the flaw can only be resolved by applying updates.

Comment 7 errata-xmlrpc 2020-03-10 11:20:49 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)
  Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS

Via RHSA-2020:0754 https://access.redhat.com/errata/RHSA-2020:0754

Comment 8 Product Security DevOps Team 2020-03-10 16:31:49 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2017-18635

Comment 9 errata-xmlrpc 2020-08-04 13:15:37 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.4

Via RHSA-2020:3247 https://access.redhat.com/errata/RHSA-2020:3247

