Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-4975

Опубликовано: 20 янв. 2025
Источник: redhat
CVSS3: 8.9

Описание

A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.

Отчет

To exploit this flaw, an attacker needs to be able to create a RHACS policy or an OpenShift cluster role with a specially crafted name. Additionally, the OpenShift cluster must be monitored by RHACS. To perform these actions, an attacker needs to be authenticated, limiting the possibility of this issue to be exploited. For this reason, this flaw has been rated with a Low severity.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Advanced Cluster Security 3advanced-cluster-security/rhacs-main-rhel8Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2071527RHACS: Cross-site scripting in portal

8.9 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-4975

CVSS3: 8.9
nvd
около 1 года назад

A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.

github логотип

GHSA-whw8-9r74-7rm5

CVSS3: 8.9
github
около 1 года назад

A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.

8.9 High

CVSS3