VDB
CISA-2023-0119
CISA-2023-0119
PUBLISHED
CVSS 5.4 MEDIUM
Reported by redhat · Published September 12, 2023
A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.
Risk Scores
CVSS 3.1
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 3.4.2, 3.5.1.16, 3.5.2 | ||
| Red Hat | Red Hat Satellite 6.13 for RHEL 8 | 0:3.5.1.17-1.el8sat |
| Red Hat | Red Hat Satellite 6.13 for RHEL 8 | 0:3.5.1.17-1.el8sat |
| Red Hat | Red Hat Satellite 6.14 for RHEL 8 | 0:3.7.0.9-1.el8sat |
| Red Hat | Red Hat Satellite 6.14 for RHEL 8 | 0:3.7.0.9-1.el8sat |
| Red Hat | Red Hat Satellite 6.13 for RHEL 8 | 0:3.5.1.17-1.el8sat, 0:3.5.1.17-1.el8sat, 0:3.5.1.17-1.el8sat |
| 3.6.0, 3.4.2, 3.5.1.16 | ||
| Red Hat | Red Hat Satellite 6.14 for RHEL 8 | *, 0:3.7.0.9-1.el8sat, 0:3.7.0.9-1.el8sat |
Timeline
- Sep 12, 2023 CVE Published
- Aug 2, 2024 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
References
- RHSA-2023:3387 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:6818 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2159104 issue-trackingx_refsource_REDHAT