VDB

CISA-2023-0119

CISA-2023-0119 PUBLISHED CVSS 5.4 MEDIUM

Reported by redhat · Published September 12, 2023

A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.

Risk Scores

CVSS 3.1
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersions
3.4.2, 3.5.1.16, 3.5.2
Red HatRed Hat Satellite 6.13 for RHEL 80:3.5.1.17-1.el8sat
Red HatRed Hat Satellite 6.13 for RHEL 80:3.5.1.17-1.el8sat
Red HatRed Hat Satellite 6.14 for RHEL 80:3.7.0.9-1.el8sat
Red HatRed Hat Satellite 6.14 for RHEL 80:3.7.0.9-1.el8sat
Red HatRed Hat Satellite 6.13 for RHEL 80:3.5.1.17-1.el8sat, 0:3.5.1.17-1.el8sat, 0:3.5.1.17-1.el8sat
3.6.0, 3.4.2, 3.5.1.16
Red HatRed Hat Satellite 6.14 for RHEL 8*, 0:3.7.0.9-1.el8sat, 0:3.7.0.9-1.el8sat

Timeline

  • Sep 12, 2023 CVE Published
  • Aug 2, 2024 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›