Bug 2076794 (CVE-2022-1414) - CVE-2022-1414 3scale-system: script injection in multiple endpoints
Summary: CVE-2022-1414 3scale-system: script injection in multiple endpoints
Keywords:
Status: NEW
Alias: CVE-2022-1414
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Duplicates: 2022860
Depends On:
Blocks: 2057985
Reported: 2022-04-19 20:33 UTC by Chess Hazlett
Modified: 2023-07-07 08:34 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Chess Hazlett 2022-04-19 20:33:10 UTC
3scale does not perform adequate sanitization for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.

Comment 3 amackenz 2022-05-11 13:23:51 UTC
Are JIRAs always/sometimes created to correspond to Bugzilla CVE issues?

I see many, but I don't know the rule and if I can "trust" it, and that this one will be in JIRA.
It does sound similar to other CVEs I have seen in JIRA.

Comment 6 Chess Hazlett 2023-02-01 17:52:19 UTC
*** Bug 2022860 has been marked as a duplicate of this bug. ***

