Описание
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
Отчет
This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | pki-core | Out of support scope | ||
| Red Hat Enterprise Linux 7 | pki-core | Fixed | RHSA-2021:0851 | 16.03.2021 |
| Red Hat Enterprise Linux 7.6 Extended Update Support | pki-core | Fixed | RHSA-2021:0819 | 15.03.2021 |
| Red Hat Enterprise Linux 7.7 Extended Update Support | pki-core | Fixed | RHSA-2021:0975 | 23.03.2021 |
| Red Hat Enterprise Linux 8 | pki-core | Fixed | RHSA-2020:4847 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | pki-deps | Fixed | RHSA-2020:4847 | 04.11.2020 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS3
Связанные уязвимости
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
A Reflected Cross Site Scripting vulnerability was found in all pki-co ...
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
ELSA-2021-0851: pki-core security and bug fix update (IMPORTANT)
4.3 Medium
CVSS3