Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-14042

Опубликовано: 29 мая 2018
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Отчет

Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw. Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all. Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5bootstrap-sassNot affected
Red Hat 3scale API Management Platform 2bootstrapNot affected
Red Hat Decision Manager 7bootstrapWill not fix
Red Hat Enterprise Linux 7pki-coreWill not fix
Red Hat OpenStack Platform 10 (Newton)python-XStatic-Bootstrap-SCSSWill not fix
Red Hat OpenStack Platform 12 (Pike)python-XStatic-Bootstrap-SCSSWill not fix
Red Hat OpenStack Platform 14 (Rocky)python-XStatic-Bootstrap-SCSSAffected
Red Hat OpenStack Platform 8 (Liberty)python-XStatic-Bootstrap-SCSSWill not fix
Red Hat OpenStack Platform 9 (Mitaka)python-XStatic-Bootstrap-SCSSWill not fix
Red Hat Process Automation 7bootstrapWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1601617bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip

EPSS

Процентиль: 81%
0.017
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-14042

CVSS3: 6.1
ubuntu
почти 7 лет назад

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

nvd логотип

CVE-2018-14042

CVSS3: 6.1
nvd
почти 7 лет назад

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

debian логотип

CVE-2018-14042

CVSS3: 6.1
debian
почти 7 лет назад

In Bootstrap before 4.1.2, XSS is possible in the data-container prope ...

github логотип

GHSA-7mvr-5x2g-wfc8

CVSS3: 6.1
github
почти 7 лет назад

Bootstrap Cross-site Scripting vulnerability

rocky логотип

RLSA-2020:4670

rocky
больше 4 лет назад

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

EPSS

Процентиль: 81%
0.017
Низкий

6.1 Medium

CVSS3