CVE-2017-2661

Опубликовано: 21 мар. 2017

Источник: redhat

CVSS3: 6.1

EPSS Низкий

Описание

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

It was found that pcsd was vulnerable to reflected cross-site scripting (XSS) attacks while handling node names during creation or import of a cluster. An attacker could use this flaw to run javascript code in an authenticated session.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	pcs	Will not fix
Red Hat Enterprise Linux 7	pcs	Will not fix
Red Hat Storage 3	pcs	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1428948pcs: Improper node name field validation when creating clusters leads to XSS

EPSS

Процентиль: 60%

0.00397

Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2017-2661

CVSS3: 6.1

ubuntu

почти 8 лет назад

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

CVE-2017-2661

CVSS3: 6.1

nvd

почти 8 лет назад

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

CVE-2017-2661

CVSS3: 6.1

debian

почти 8 лет назад

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site s ...

GHSA-qc8r-mjjf-5j6v

CVSS3: 6.1

github

больше 3 лет назад

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

EPSS

Процентиль: 60%

0.00397

Низкий

6.1 Medium

CVSS3