CVE-2024-10033

Опубликовано: 16 окт. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.

Ссылки

https://access.redhat.com/errata/RHSA-2024:8534
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-10033
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2319162
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:redhat:ansible_automation_platform:2.5:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible_developer:1.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible_inside:1.3:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00624

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-10033

CVSS3: 6.1

redhat

больше 1 года назад

GHSA-h596-hg59-cxrq

CVSS3: 5.4

github