CVE-2019-10221

Published: 03 Feb 2020
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

A Reflected Cross Site Scripting vulnerability was found in the pki-ca module of the pki-core server, in all pki-core 10.x.x versions. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.

A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.

Report

This vulnerability is rated Low: the web UI uses client TLS authentication, so stealing session cookies is not sufficient for unauthorized access. The vulnerable page itself does not contain secrets.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | pki-core | Out of support scope | | |
| Red Hat Enterprise Linux 7 | pki-core | Fixed | RHSA-2021:0851 | 16.03.2021 |
| Red Hat Enterprise Linux 7.6 Extended Update Support | pki-core | Fixed | RHSA-2021:0819 | 15.03.2021 |
| Red Hat Enterprise Linux 7.7 Extended Update Support | pki-core | Fixed | RHSA-2021:0975 | 23.03.2021 |
| Red Hat Enterprise Linux 8 | pki-core | Fixed | RHSA-2020:4847 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | pki-deps | Fixed | RHSA-2020:4847 | 04.11.2020 |

Additional information

Status: Low
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1732565 pki-core: Reflected XSS in getcookies?url= endpoint in CA

EPSS

Percentile: 70%
0.00669
Low

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 4.3
ubuntu
about 5 years ago

A Reflected Cross Site Scripting vulnerability was found in the pki-ca module of the pki-core server, in all pki-core 10.x.x versions. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.

CVSS3: 4.3
nvd
about 5 years ago

A Reflected Cross Site Scripting vulnerability was found in the pki-ca module of the pki-core server, in all pki-core 10.x.x versions. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.

CVSS3: 4.3
debian
about 5 years ago

A Reflected Cross Site Scripting vulnerability was found in all pki-co ...

github
about 3 years ago

A Reflected Cross Site Scripting vulnerability was found in the pki-ca module of the pki-core server, in all pki-core 10.x.x versions. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.

oracle-oval
more than 4 years ago

ELSA-2021-0851: pki-core security and bug fix update (IMPORTANT)
