Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 663609 - (CVE-2010-3906) CVE-2010-3906 Git (gitweb): XSS due to missing escaping of HTML element attributes
CVE-2010-3906 Git (gitweb): XSS due to missing escaping of HTML element attri...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
public=20101215,reported=20101213,sou...
: Security
Depends On: 663612 663639 663640
Blocks:
  Show dependency treegraph
 
Reported: 2010-12-16 06:33 EST by Jan Lieskovsky
Modified: 2018-02-12 17:17 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-10 07:03:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:1003 normal SHIPPED_LIVE Moderate: git security update 2010-12-21 12:52:13 EST

  None (edit)
Description Jan Lieskovsky 2010-12-16 06:33:41 EST 
Cross-site scripting (XSS) flaw was found in the web
interface of Git distributed revision control system.
A remote attacker could use this flaw to execute arbitrary
HTML or scripting code by providing a certain URL
with specially-crafted values of f and fp variables.

References:
[1] http://www.bugsearch.net/en/11075/gitweb-1733-cross-site-scripting-cve-2010-3906.html?ref=3
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607248

Upstream changeset:
[3] http://repo.or.cz/w/git.git/commit/3017ed62f47ce14a959e2d315c434d4980cf4243

Public PoC (from [1]):
http://localhost/?p=foo/bar/ph33r.git;a=blobdiff;f=[XSS];fp=[XSS]
[XSS] => "><body onload="alert('xss')"> <a

Credit:
Emanuele 'emgent' Gentili
Comment 1 Jan Lieskovsky 2010-12-16 06:40:34 EST 
This issue affects the version of the git package, as shipped
with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the git package, as shipped
with Fedora release of 13 and 14.

This issue affects the versions of the git package, as present
within EPEL-4 and EPEL-5 repositories.

Please schedule an update.
Comment 2 Jan Lieskovsky 2010-12-16 06:42:11 EST 
Created git tracking bugs for this issue

Affects: fedora-all [bug 663612]
Comment 4 Tomas Hoger 2010-12-16 15:36:46 EST 
Announcement of versions that fix this issue:
  http://www.spinics.net/lists/git/msg148037.html

Fixed in: 1.7.3.4, 1.7.2.5, 1.7.1.4, 1.7.0.9, 1.6.6.3, 1.6.5.9, 1.6.4.5
Comment 5 errata-xmlrpc 2010-12-21 12:52:19 EST 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:1003 https://rhn.redhat.com/errata/RHSA-2010-1003.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.