Bug 2196026 (CVE-2023-24539) - CVE-2023-24539 golang: html/template: improper sanitization of CSS values
Summary: CVE-2023-24539 golang: html/template: improper sanitization of CSS values
Keywords:
Status: NEW
Alias: CVE-2023-24539
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2203250 2196470 2196471 2196481 2196482 2196483 2196484 2196485 2196486 2196487 2196488 2196489 2196490 2196491 2196492 2203234 2203249 2203251 2207502 2207503 2207504 2207505 2207506 2207507 2207508 2207509 2207510 2207511 2207512 2207513 2207514 2207515 2207518 2207519 2207520 2207521 2207522 2207523 2221850
Blocks: 2193514
Reported: 2023-05-07 16:20 UTC by Anten Skrabec
Modified: 2023-11-14 15:17 UTC (History)

Fixed In Version: golang 1.19.9, golang 1.20.4
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if executed with untrusted input.
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:3323 0 None None None 2023-05-25 12:26:09 UTC
Red Hat Product Errata RHSA-2023:3367 0 None None None 2023-06-07 01:51:04 UTC
Red Hat Product Errata RHSA-2023:3415 0 None None None 2023-05-31 19:38:19 UTC
Red Hat Product Errata RHSA-2023:3435 0 None None None 2023-06-05 09:29:04 UTC
Red Hat Product Errata RHSA-2023:3445 0 None None None 2023-06-05 14:08:22 UTC
Red Hat Product Errata RHSA-2023:3540 0 None None None 2023-06-13 15:32:37 UTC
Red Hat Product Errata RHSA-2023:3905 0 None None None 2023-06-28 15:43:03 UTC
Red Hat Product Errata RHSA-2023:3918 0 None None None 2023-06-29 00:59:28 UTC
Red Hat Product Errata RHSA-2023:4003 0 None None None 2023-07-10 08:51:40 UTC
Red Hat Product Errata RHSA-2023:4093 0 None None None 2023-07-20 17:29:00 UTC
Red Hat Product Errata RHSA-2023:4293 0 None None None 2023-07-27 01:14:05 UTC
Red Hat Product Errata RHSA-2023:4335 0 None None None 2023-08-08 00:36:39 UTC
Red Hat Product Errata RHSA-2023:4459 0 None None None 2023-08-08 11:30:19 UTC
Red Hat Product Errata RHSA-2023:4470 0 None None None 2023-08-03 14:12:36 UTC
Red Hat Product Errata RHSA-2023:4472 0 None None None 2023-08-03 15:51:34 UTC
Red Hat Product Errata RHSA-2023:4627 0 None None None 2023-08-14 01:02:57 UTC
Red Hat Product Errata RHSA-2023:4657 0 None None None 2023-08-23 00:18:03 UTC
Red Hat Product Errata RHSA-2023:4664 0 None None None 2023-08-16 14:09:49 UTC
Red Hat Product Errata RHSA-2023:5421 0 None None None 2023-10-03 18:50:07 UTC
Red Hat Product Errata RHSA-2023:5442 0 None None None 2023-10-04 13:07:55 UTC
Red Hat Product Errata RHSA-2023:5947 0 None None None 2023-10-26 00:47:55 UTC
Red Hat Product Errata RHSA-2023:6346 0 None None None 2023-11-07 08:13:44 UTC
Red Hat Product Errata RHSA-2023:6363 0 None None None 2023-11-07 08:14:20 UTC
Red Hat Product Errata RHSA-2023:6402 0 None None None 2023-11-07 08:16:05 UTC
Red Hat Product Errata RHSA-2023:6473 0 None None None 2023-11-07 08:17:20 UTC
Red Hat Product Errata RHSA-2023:6474 0 None None None 2023-11-07 08:17:56 UTC
Red Hat Product Errata RHSA-2023:6832 0 None None None 2023-11-08 18:49:31 UTC
Red Hat Product Errata RHSA-2023:6938 0 None None None 2023-11-14 15:16:44 UTC
Red Hat Product Errata RHSA-2023:6939 0 None None None 2023-11-14 15:17:28 UTC

Description Anten Skrabec 2023-05-07 16:20:32 UTC
Angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
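
A regression check a package maintainer can run against an installed toolchain, added here as an example and not taken from the bug report or from Go's own test suite: it renders an untrusted value inside a <style> element (html/template's CSS context) and confirms that the library substitutes its fail-safe token ZgotmplZ for any value containing angle brackets, which is what the fixed versions (golang 1.19.9, golang 1.20.4) do. The template and the probe values are constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// Template constructed for this check: the action sits inside a <style>
// element, so html/template treats it as a CSS value.
const styleTemplate = `<style>p { color: {{.}} }</style>`

// renderCSS executes styleTemplate with value as the data and returns the
// rendered document.
func renderCSS(value string) (string, error) {
	tmpl, err := template.New("page").Parse(styleTemplate)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, value); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// cssValueRejected reports whether html/template replaced the value with its
// fail-safe token "ZgotmplZ" and the output still closes the <style> element
// exactly once. A fixed toolchain does this for every value carrying '<' or
// '>'; a vulnerable one passes the brackets through into the CSS context.
func cssValueRejected(value string) (bool, error) {
	out, err := renderCSS(value)
	if err != nil {
		return false, err
	}
	return strings.Contains(out, "ZgotmplZ") && strings.Count(out, "</style>") == 1, nil
}

func main() {
	// Constructed probes: one benign value, then values with angle brackets.
	for _, v := range []string{"red", "<", "a>b", "</style>"} {
		rejected, err := cssValueRejected(v)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		out, _ := renderCSS(v)
		fmt.Printf("%-10q rejected=%-5v output=%s\n", v, rejected, out)
	}
}
```

A toolchain older than the fixed versions prints rejected=false for the bracket probes; that is the condition the errata below close.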

Comment 2 Anten Skrabec 2023-05-09 09:56:41 UTC
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2196470]
Affects: fedora-all [bug 2196471]

Comment 20 errata-xmlrpc 2023-05-25 12:26:03 UTC
This issue has been addressed in the following products:

  Red Hat Developer Tools

Via RHSA-2023:3323 https://access.redhat.com/errata/RHSA-2023:3323

Comment 21 errata-xmlrpc 2023-05-31 19:38:14 UTC
This issue has been addressed in the following products:

  RHACS-4.0-RHEL-8

Via RHSA-2023:3415 https://access.redhat.com/errata/RHSA-2023:3415

Comment 23 errata-xmlrpc 2023-06-05 09:28:58 UTC
This issue has been addressed in the following products:

  RHACS-3.74-RHEL-8

Via RHSA-2023:3435 https://access.redhat.com/errata/RHSA-2023:3435

Comment 24 errata-xmlrpc 2023-06-05 14:08:17 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2023:3445 https://access.redhat.com/errata/RHSA-2023:3445

Comment 25 errata-xmlrpc 2023-06-07 01:50:57 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:3367 https://access.redhat.com/errata/RHSA-2023:3367

Comment 26 errata-xmlrpc 2023-06-13 15:32:31 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:3540 https://access.redhat.com/errata/RHSA-2023:3540

Comment 29 errata-xmlrpc 2023-06-28 15:42:56 UTC
This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.3.0-RHEL-9

Via RHSA-2023:3905 https://access.redhat.com/errata/RHSA-2023:3905

Comment 30 errata-xmlrpc 2023-06-29 00:59:22 UTC
This issue has been addressed in the following products:

  OADP-1.1-RHEL-8

Via RHSA-2023:3918 https://access.redhat.com/errata/RHSA-2023:3918

Comment 32 errata-xmlrpc 2023-07-10 08:51:34 UTC
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 8
  Service Interconnect 1 for RHEL 9

Via RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003

Comment 33 Debarshi Ray 2023-07-10 15:28:52 UTC
Were the bugs for this CVE created correctly?

I got RHEL 8 bugs for toolbox for both the rolling (bug 2207514) and 4.0 (bug 2207509) module streams, but none for RHEL 9. In comparison, I found a RHEL 8 podman bug for the 4.0 module stream (bug 2207507) and one for RHEL 9 (bug 2207522). I also found a RHEL 9 bug for golang (bug 2203251).

So, it seems like RHEL 9 is affected, but then why is there no RHEL 9 toolbox bug?  There's no difference in toolbox across RHEL 8 and 9 that could be relevant to this CVE.

Comment 42 errata-xmlrpc 2023-07-20 17:28:56 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13
  Ironic content for Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:4093 https://access.redhat.com/errata/RHSA-2023:4093

Comment 43 errata-xmlrpc 2023-07-27 01:13:59 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2023:4293 https://access.redhat.com/errata/RHSA-2023:4293

Comment 46 errata-xmlrpc 2023-08-03 14:12:30 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.3 for RHEL 8

Via RHSA-2023:4470 https://access.redhat.com/errata/RHSA-2023:4470

Comment 47 errata-xmlrpc 2023-08-03 15:51:29 UTC
This issue has been addressed in the following products:

  RHOSS-1.29-RHEL-8

Via RHSA-2023:4472 https://access.redhat.com/errata/RHSA-2023:4472

Comment 48 errata-xmlrpc 2023-08-08 00:36:33 UTC
This issue has been addressed in the following products:

  CERT-MANAGER-1.10-RHEL-9

Via RHSA-2023:4335 https://access.redhat.com/errata/RHSA-2023:4335

Comment 49 errata-xmlrpc 2023-08-08 11:30:13 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:4459 https://access.redhat.com/errata/RHSA-2023:4459

Comment 50 errata-xmlrpc 2023-08-14 01:02:53 UTC
This issue has been addressed in the following products:

  MTA-6.2-RHEL-9
  MTA-6.2-RHEL-8

Via RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627

Comment 51 errata-xmlrpc 2023-08-16 14:09:42 UTC
This issue has been addressed in the following products:

  RHEL-9-CNV-4.13

Via RHSA-2023:4664 https://access.redhat.com/errata/RHSA-2023:4664

Comment 52 errata-xmlrpc 2023-08-23 00:17:58 UTC
This issue has been addressed in the following products:

  OSSO-1.1-RHEL-8

Via RHSA-2023:4657 https://access.redhat.com/errata/RHSA-2023:4657

Comment 53 errata-xmlrpc 2023-10-03 18:50:01 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.3 for RHEL 8

Via RHSA-2023:5421 https://access.redhat.com/errata/RHSA-2023:5421

Comment 54 errata-xmlrpc 2023-10-04 13:07:49 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8

Via RHSA-2023:5442 https://access.redhat.com/errata/RHSA-2023:5442

Comment 55 errata-xmlrpc 2023-10-26 00:47:49 UTC
This issue has been addressed in the following products:

  RODOO-1.0-RHEL-8

Via RHSA-2023:5947 https://access.redhat.com/errata/RHSA-2023:5947

Comment 56 errata-xmlrpc 2023-11-07 08:13:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6346 https://access.redhat.com/errata/RHSA-2023:6346

Comment 57 errata-xmlrpc 2023-11-07 08:14:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6363 https://access.redhat.com/errata/RHSA-2023:6363

Comment 58 errata-xmlrpc 2023-11-07 08:15:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6402 https://access.redhat.com/errata/RHSA-2023:6402

Comment 59 errata-xmlrpc 2023-11-07 08:17:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6473 https://access.redhat.com/errata/RHSA-2023:6473

Comment 60 errata-xmlrpc 2023-11-07 08:17:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6474 https://access.redhat.com/errata/RHSA-2023:6474

Comment 61 errata-xmlrpc 2023-11-08 18:49:24 UTC
This issue has been addressed in the following products:

  RHODF-4.14-RHEL-9

Via RHSA-2023:6832 https://access.redhat.com/errata/RHSA-2023:6832

Comment 62 errata-xmlrpc 2023-11-14 15:16:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938

Comment 63 errata-xmlrpc 2023-11-14 15:17:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939
