Description
A Reflected Cross Site Scripting flaw was found in all 10.x.x versions of pki-core, in a module from the pki-core server, due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed in the victim's browser.
A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed in the victim's browser.
Statement
This flaw is considered Low, because it requires the attacker to first request or predict a valid nonce. Without a valid nonce, no arbitrary HTML will be sent back to the victim's browser.
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | pki-core | Not affected | | |
Red Hat Enterprise Linux 7 | pki-core | Fixed | RHSA-2021:0851 | 16.03.2021 |
Red Hat Enterprise Linux 7.6 Extended Update Support | pki-core | Fixed | RHSA-2021:0819 | 15.03.2021 |
Red Hat Enterprise Linux 7.7 Extended Update Support | pki-core | Fixed | RHSA-2021:0975 | 23.03.2021 |
Red Hat Enterprise Linux 8 | pki-core | Fixed | RHSA-2020:4847 | 04.11.2020 |
Red Hat Enterprise Linux 8 | pki-deps | Fixed | RHSA-2020:4847 | 04.11.2020 |
Additional information
Status:
4.7 Medium
CVSS3
Related vulnerabilities
ELSA-2021-0851: pki-core security and bug fix update (IMPORTANT)