Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-1721

Опубликовано: 03 фев. 2020
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.

A flaw was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery ID during a key recovery request, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.

Отчет

This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1777579pki-core: KRA vulnerable to reflected XSS via the getPk12 page

EPSS

Процентиль: 74%
0.0083
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-1721

CVSS3: 6.1
ubuntu
около 4 лет назад

A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.

nvd логотип

CVE-2020-1721

CVSS3: 6.1
nvd
около 4 лет назад

A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.

debian логотип

CVE-2020-1721

CVSS3: 6.1
debian
около 4 лет назад

A flaw was found in the Key Recovery Authority (KRA) Agent Service in ...

github логотип

GHSA-j9fq-77vj-2ww7

github
около 3 лет назад

A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.

oracle-oval логотип

ELSA-2021-0851

oracle-oval
больше 4 лет назад

ELSA-2021-0851: pki-core security and bug fix update (IMPORTANT)

EPSS

Процентиль: 74%
0.0083
Низкий

4.3 Medium

CVSS3