CVE-2023-0119

EPSS 0.23%
Veröffentlicht 12.09.2023 16:15:08
Zuletzt bearbeitet 21.11.2024 07:36:35
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Satellite Version6.13

Redhat ≫ Enterprise Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.459

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
secalert@redhat.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://access.redhat.com/errata/RHSA-2023:3387

Vendor Advisory

https://access.redhat.com/errata/RHSA-2023:6818

https://access.redhat.com/security/cve/CVE-2023-0119

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2159104

Vendor Advisory

Issue Tracking

https://projects.theforeman.org/issues/35977

https://nvd.nist.gov/vuln/detail/CVE-2023-0119

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0119

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0119

EUVD