1285728 – (CVE-2015-7518) CVE-2015-7518 foreman: Stored XSS vulnerability in smart class parameters/variables

Bug 1285728 (CVE-2015-7518) - CVE-2015-7518 foreman: Stored XSS vulnerability in smart class parameters/variables

Summary: CVE-2015-7518 foreman: Stored XSS vulnerability in smart class parameters/var...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-7518
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1297040
Blocks:	1285735
TreeView+	depends on / blocked

Reported:	2015-11-26 10:56 UTC by Adam Mariš
Modified:	2019-09-29 13:40 UTC (History)
CC List:	24 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data.
Clone Of:
Environment:
Last Closed:	2016-02-15 18:05:08 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:0174	0	normal	SHIPPED_LIVE	Moderate: Satellite 6.1.7 security, bug and enhancement fix update	2016-02-15 20:50:32 UTC

Description Adam Mariš 2015-11-26 10:56:25 UTC

A stored XSS vulnerability was found in smart class parameters and variables that are displayed on the edit pages for hosts and groups. The values for fields can be set by any userwith granted permission to edit those parameters or variables. These fields can store any value which is shown unescaped on the edit pages, leading to a stored XSS vulnerability.

Upstream bug:

http://projects.theforeman.org/issues/12611

Comment 1 Adam Mariš 2015-12-10 14:42:54 UTC

Upstream patch:

https://github.com/theforeman/foreman/commit/32468bce938067b1bbde1c20257

Comment 3 errata-xmlrpc 2016-02-15 15:52:10 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.1

Via RHSA-2016:0174 https://access.redhat.com/errata/RHSA-2016:0174

Note You need to log in before you can comment on or make changes to this bug.

abaron
aortega
apevec
ayoung
bkearney
chrisw
cpelland
dallan
gkotton
jschluet
katello-bugs
lhh
lpeer
markmc
mburns
mmccune
ohadlevy
rbryant
rhos-maint
sclewis
tdecacqu
tjay
tlestach
yeylon