CVE-2017-18635

Опубликовано: 25 сент. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

Ссылки

https://access.redhat.com/errata/RHSA-2020:0754
Third Party Advisory
https://bugs.launchpad.net/horizon/+bug/1656435
Issue Tracking
Third Party Advisory
https://github.com/ShielderSec/cve-2017-18635
Third Party Advisory
https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
Patch
Third Party Advisory
https://github.com/novnc/noVNC/issues/748
Patch
Third Party Advisory
https://github.com/novnc/noVNC/releases/tag/v0.6.2
Release Notes
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4522-1/
Third Party Advisory
https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/
Exploit
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0754
Third Party Advisory
https://bugs.launchpad.net/horizon/+bug/1656435
Issue Tracking
Third Party Advisory
https://github.com/ShielderSec/cve-2017-18635
Third Party Advisory
https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
Patch
Third Party Advisory
https://github.com/novnc/noVNC/issues/748
Patch
Third Party Advisory
https://github.com/novnc/noVNC/releases/tag/v0.6.2
Release Notes
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4522-1/
Third Party Advisory
https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:novnc:novnc:*:*:*:*:*:*:*:*

Версия до 0.6.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Конфигурация 4

cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.07253

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-18635

CVSS3: 6.1

ubuntu

больше 6 лет назад

CVE-2017-18635

CVSS3: 6.1

redhat

около 7 лет назад

CVE-2017-18635

CVSS3: 6.1

debian

больше 6 лет назад

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...

GHSA-49rv-g7w5-m8xx

CVSS3: 6.1

github

больше 5 лет назад

Cross-Site Scripting in @novnc/novnc

EPSS

Процентиль: 91%

0.07253

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79