Description
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-10179
- https://access.redhat.com/errata/RHSA-2020:4847
- https://access.redhat.com/errata/RHSA-2021:0819
- https://access.redhat.com/errata/RHSA-2021:0851
- https://access.redhat.com/errata/RHSA-2021:0975
- https://access.redhat.com/security/cve/CVE-2019-10179
- https://bugzilla.redhat.com/show_bug.cgi?id=1695901
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10179
Related vulnerabilities
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code.
A vulnerability was found in all pki-core 10.x.x versions, where the K ...
ELSA-2021-0851: pki-core security and bug fix update (IMPORTANT)