Bug 1781001 (CVE-2019-19336) - CVE-2019-19336 ovirt-engine: response_type parameter allows reflected XSS
Summary: CVE-2019-19336 ovirt-engine: response_type parameter allows reflected XSS
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-19336
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1781002 1788050
Blocks: 1780456
TreeView+ depends on / blocked
 
Reported: 2019-12-09 04:39 UTC by Doran Moppert
Modified: 2021-02-16 20:56 UTC (History)
16 users (show)

Fixed In Version: ovirt 4.3.8
Doc Type: If docs needed, set a value
Doc Text:
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.
Clone Of:
Environment:
Last Closed: 2020-02-13 20:09:34 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:0498 0 None None None 2020-02-13 15:24:44 UTC
Red Hat Product Errata RHSA-2020:3247 0 None None None 2020-08-04 13:15:46 UTC

Description Doran Moppert 2019-12-09 04:39:25 UTC
A cross-site scripting vulnerability was reported in ovirt-engine's OAuth authorization endpoint. URL parameters would be included in the HTML response without escaping, allowing an attacker to craft malicious HTML pages that could run scripts in the context of the user's ovirt session.

References:

https://lists.ovirt.org/archives/list/announce@ovirt.org/thread/RHF4BJIIRVEW3PQVDLJTDZO5AARQWO6U/

Comment 4 Doran Moppert 2020-01-10 02:58:36 UTC
Acknowledgments:

Name: @_w4rr4nt_

Comment 5 errata-xmlrpc 2020-02-13 15:24:41 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.3

Via RHSA-2020:0498 https://access.redhat.com/errata/RHSA-2020:0498

Comment 6 Product Security DevOps Team 2020-02-13 20:09:34 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-19336

Comment 8 errata-xmlrpc 2020-08-04 13:15:44 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.4

Via RHSA-2020:3247 https://access.redhat.com/errata/RHSA-2020:3247


Note You need to log in before you can comment on or make changes to this bug.