Description
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
Report
This issue affects the versions of foreman as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenStack Foreman | foreman | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | foreman | Will not fix | | |
| Red Hat Satellite 6.2 for RHEL 6 | candlepin | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman-installer | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman-proxy | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman-selinux | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | gofer | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | katello | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | katello-agent | Fixed | RHBA-2016:1501 | 27.07.2016 |
Additional information
Status:
Moderate
Weakness:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1264221 foreman: XSS in hidden parameter value switcher
EPSS
Percentile: 62%
0.00433
Low
4.3 Medium
CVSS2
Related vulnerabilities
CVSS3: 6.1
nvd
more than 8 years ago
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
CVSS3: 6.1
debian
more than 8 years ago
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
CVSS3: 6.1
github
more than 3 years ago
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.