Описание
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.3.11 (исключая)
Одно из
cpe:2.3:a:redhat:ansible_automation_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_controller:4.4:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:a:redhat:ansible_automation_platform:2.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_developer:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.1:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00579
Низкий
7.3 High
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-80
CWE-79
Связанные уязвимости
CVSS3: 7.3
redhat
больше 2 лет назад
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
CVSS3: 7.3
github
больше 2 лет назад
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
EPSS
Процентиль: 68%
0.00579
Низкий
7.3 High
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-80
CWE-79