Bug 2256831 (CVE-2023-3726) - CVE-2023-3726 ocsinventory-agent: stored XSS
Summary: CVE-2023-3726 ocsinventory-agent: stored XSS
Keywords:
Status: NEW
Alias: CVE-2023-3726
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2256832 2256833
Blocks:
Reported: 2024-01-04 16:27 UTC by Nick Tait
Modified: 2024-01-04 17:46 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A cross-site scripting (XSS) vulnerability has been identified in OCSInventory, which could potentially allow a remote attacker to steal sensitive data such as session cookies. It is also possible to steal the password hash if the attacker changes the server state to debug. Exploitation is possible if the target is an administrator who is logged in at the time of the attack.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Nick Tait 2024-01-04 16:27:07 UTC
OCSInventory allows stored email templates with special characters, which leads to stored cross-site scripting.

https://fluidattacks.com/advisories/creed/
https://ocsinventory-ng.org/

Comment 1 Nick Tait 2024-01-04 16:27:25 UTC
Created ocsinventory-agent tracking bugs for this issue:

Affects: epel-all [bug 2256832]
Affects: fedora-all [bug 2256833]

Comment 3 Pat Riehecky 2024-01-04 16:35:24 UTC
Per https://fluidattacks.com/advisories/creed/ the vulnerability only impacts OCSInventory-ocsreports which is not part of ocsinventory-agent.

I don't think there is anything required from the ocsinventory-agent side on this.

Comment 4 Nick Tait 2024-01-04 17:27:53 UTC
Okay, that was my unfamiliarity with this package. Sorry for the spam. Please close as not affected.

Comment 5 Pat Riehecky 2024-01-04 17:46:50 UTC
Honestly, I'm pretty happy this happened as it shows more eyes than just mine are looking out :)

