1950275 – (CVE-2020-25864) CVE-2020-25864 consul: specially crafted KV entry could be used to perform a XSS attack

Bug 1950275 (CVE-2020-25864) - CVE-2020-25864 consul: specially crafted KV entry could be used to perform a XSS attack

Summary: CVE-2020-25864 consul: specially crafted KV entry could be used to perform a ...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-25864
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1950276
TreeView+	depends on / blocked

Reported:	2021-04-16 09:43 UTC by Marian Rehak
Modified:	2023-08-31 23:54 UTC (History)
CC List:	47 users (show)
Fixed In Version:	consul 1.10.0-beta1, consul 1.9.5, consul 1.8.10, consul 1.7.14
Doc Type:	If docs needed, set a value
Doc Text:	In consul a specially crafted KV (key/value store) entry could be used by attacker to perform a XSS (Cross Site Scripting) attack when viewed in the raw mode.
Clone Of:
Environment:
Last Closed:	2021-05-27 17:32:08 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2021-04-16 09:43:49 UTC

A specially crafted KV entry could be used to perform a XSS attack when viewed in the raw mode.

Upstream Reference:

https://github.com/hashicorp/consul/pull/10023

Comment 1 Przemyslaw Roguski 2021-04-16 12:35:34 UTC

I'm changing the flaw severity from Important to Moderate because this vulnerability doesn't classify for higher severity than Moderate.

Comment 2 Przemyslaw Roguski 2021-04-16 12:53:10 UTC

External References:

https://github.com/hashicorp/consul/pull/10023

Comment 4 Przemyslaw Roguski 2021-04-19 14:16:26 UTC

Successful exploit requires a specially crafted entry in KV Consul store (key/value store) and when viewed in RAW mode could be used to perform a XSS attack. This requires from potential attacker some knowledge about the environment.
This should be considered as Moderate impact flaw.

Comment 5 Stoyan Nikolov 2021-05-03 11:50:38 UTC

Statement:

OpenShift Container Platform (OCP) and OpenShift Service Mesh (OSSM) components ship only consul api which could be used for connection to consul service mesh solution, therefore are not affected by this flaw.

Some OpenShift Virtualization components reference consul in go.sum files, however none of the projects or container images depend on or ship consul, therefore are not affected by this flaw.

Comment 7 Product Security DevOps Team 2021-05-27 17:32:08 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25864

Note You need to log in before you can comment on or make changes to this bug.

aileenc
alegrand
alitke
anpicker
aos-bugs
bbennett
bmontgom
chazlett
cnv-qe-bugs
drieden
eparis
erooth
fdeutsch
ggaughan
gghezzo
gmalinko
gparvin
janstey
jburrell
jhrozek
jochrist
jokerman
josorior
jramanat
jweiser
jwendell
jwon
kakkoyun
kconner
krizza
lcosic
mrogers
nstielau
pdhamdhe
pkrupa
rcernich
sbatsche
sejug
shardy
sponnaga
stcannon
stirabos
surbania
team-winc
thee
twalsh
xiyuan