VDB
RHSA-2023%3A7197
RHSA-2023%3A7197
PUBLISHED
CVSS 6.099999904632568 MEDIUM
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials.
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-egress-dns-proxy@sha256:c1443c33368799e9e807463df771054220df237edcef9415250198c52171e2b0_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-egress-dns-proxy@sha256:c1443c33368799e9e807463df771054220df237edcef9415250198c52171e2b0_s390x, *, openshift4/ose-egress-dns-proxy@sha256:c1443c33368799e9e807463df771054220df237edcef9415250198c52171e2b0_s390x |
| Red Hat | openshift4/ose-local-storage-rhel9-operator@sha256:eb11e3d79f9cffe8560026bcbdebb3d31828dac23712ae7f1e10e7e1df21e81a_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-local-storage-rhel9-operator@sha256:eb11e3d79f9cffe8560026bcbdebb3d31828dac23712ae7f1e10e7e1df21e81a_arm64, openshift4/ose-local-storage-rhel9-operator@sha256:eb11e3d79f9cffe8560026bcbdebb3d31828dac23712ae7f1e10e7e1df21e81a_arm64 |
| Red Hat | openshift4/ose-ptp-rhel9@sha256:776228a1c516825a69b929d14957ca70d691036c549e5f831f99e1f42520b253_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-ptp-rhel9@sha256:776228a1c516825a69b929d14957ca70d691036c549e5f831f99e1f42520b253_arm64, * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel9@sha256:09c5c795f2ffe5621167a53f4de96eeedd8796d877a144f1fdd83487a8c7d526_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-clusterresourceoverride-rhel9@sha256:09c5c795f2ffe5621167a53f4de96eeedd8796d877a144f1fdd83487a8c7d526_s390x, openshift4/ose-clusterresourceoverride-rhel9@sha256:09c5c795f2ffe5621167a53f4de96eeedd8796d877a144f1fdd83487a8c7d526_s390x, openshift4/ose-clusterresourceoverride-rhel9@sha256:09c5c795f2ffe5621167a53f4de96eeedd8796d877a144f1fdd83487a8c7d526_s390x |
| Red Hat | openshift4/ingress-node-firewall-rhel9@sha256:ff9dc2a7897fc0cb8802ebb7f7ce8cecdc6f6f948b507cdb1f6fd9f91cba4976_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ingress-node-firewall-rhel9@sha256:ff9dc2a7897fc0cb8802ebb7f7ce8cecdc6f6f948b507cdb1f6fd9f91cba4976_s390x, * |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:acb393393b7f2075833280eed683ff581312da3baf1406113cfcff12184fc5aa_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:acb393393b7f2075833280eed683ff581312da3baf1406113cfcff12184fc5aa_ppc64le, openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:acb393393b7f2075833280eed683ff581312da3baf1406113cfcff12184fc5aa_ppc64le |
| Red Hat | openshift4/ptp-must-gather-rhel8@sha256:8fc64a381a4f80cf2233a07f071797d6e9fe8d1c82d072fd0330c0b20c296efa_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel9-operator@sha256:7f6c0e4443099e523a1a75cd88ca2fd1de22ef7d21ad26ad6108ecfb0602d44a_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-clusterresourceoverride-rhel9-operator@sha256:7f6c0e4443099e523a1a75cd88ca2fd1de22ef7d21ad26ad6108ecfb0602d44a_ppc64le, openshift4/ose-clusterresourceoverride-rhel9-operator@sha256:7f6c0e4443099e523a1a75cd88ca2fd1de22ef7d21ad26ad6108ecfb0602d44a_ppc64le |
| Red Hat | openshift4/metallb-rhel9-operator@sha256:1303e54eaaa3503bd4482c47f725ab43da0a5f3ea4fdcf485531a366f8624df6_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/metallb-rhel9-operator@sha256:1303e54eaaa3503bd4482c47f725ab43da0a5f3ea4fdcf485531a366f8624df6_ppc64le, * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel9@sha256:49dc372a9e08331aa4aaba83309e4e5e67ba93f09ea13fa6f1d78f0613d15614_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-clusterresourceoverride-rhel9@sha256:49dc372a9e08331aa4aaba83309e4e5e67ba93f09ea13fa6f1d78f0613d15614_amd64, openshift4/ose-clusterresourceoverride-rhel9@sha256:49dc372a9e08331aa4aaba83309e4e5e67ba93f09ea13fa6f1d78f0613d15614_amd64, * |
| Red Hat | openshift4/ose-egress-router@sha256:4c38503c5bad2c25a1984d457b42be96a636f85202b7c00d6b46ffbcfb69d6c7_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-egress-router@sha256:4c38503c5bad2c25a1984d457b42be96a636f85202b7c00d6b46ffbcfb69d6c7_s390x, *, openshift4/ose-egress-router@sha256:4c38503c5bad2c25a1984d457b42be96a636f85202b7c00d6b46ffbcfb69d6c7_s390x |
| Red Hat | openshift4/ose-egress-dns-proxy@sha256:c05567cc4bc6881034769e830a6d37f84c2e260d5ea73c9a0c447ffed363c5e7_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:c5974de46544139676e2951a17947410d67e401890ccd7b93625c583f6367166_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:c5974de46544139676e2951a17947410d67e401890ccd7b93625c583f6367166_arm64, openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:c5974de46544139676e2951a17947410d67e401890ccd7b93625c583f6367166_arm64, * |
| Red Hat | openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:0a73f7dc663a392152238f937bd93bbc0857406385a4fe83678f72c2e720dbd5_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:0a73f7dc663a392152238f937bd93bbc0857406385a4fe83678f72c2e720dbd5_arm64 |
| Red Hat | openshift4/sriov-cni-rhel9@sha256:b14c29f49c6c33b106ff831839672a87ced3f26dc63fb51ee78332eba5753081_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/sriov-cni-rhel9@sha256:b14c29f49c6c33b106ff831839672a87ced3f26dc63fb51ee78332eba5753081_ppc64le |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel9@sha256:bbe0d3a3c05760d419fc2acbe11bcc310c7f15b83202d136b0eddc4b5ec7fcb1_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-local-storage-mustgather-rhel9@sha256:bbe0d3a3c05760d419fc2acbe11bcc310c7f15b83202d136b0eddc4b5ec7fcb1_amd64, openshift4/ose-local-storage-mustgather-rhel9@sha256:bbe0d3a3c05760d419fc2acbe11bcc310c7f15b83202d136b0eddc4b5ec7fcb1_amd64 |
| Red Hat | openshift4/metallb-rhel9@sha256:6e3ef6523c134878f76bab0abc48c72c97e9f7f91ec95b39f93c1bc139e8c9c7_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/metallb-rhel9@sha256:6e3ef6523c134878f76bab0abc48c72c97e9f7f91ec95b39f93c1bc139e8c9c7_s390x, openshift4/metallb-rhel9@sha256:6e3ef6523c134878f76bab0abc48c72c97e9f7f91ec95b39f93c1bc139e8c9c7_s390x |
| Red Hat | openshift4/ose-local-storage-rhel9-operator@sha256:2a2d2c94a80ade385f74774deedf404660f3e675c94fd56aa59eabfecc8542aa_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:f61bea68b4e354e2d25daf162b1c8adeebcd8c413f21b2dd6ca943bb2d9cfa2b_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:f61bea68b4e354e2d25daf162b1c8adeebcd8c413f21b2dd6ca943bb2d9cfa2b_s390x, openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:f61bea68b4e354e2d25daf162b1c8adeebcd8c413f21b2dd6ca943bb2d9cfa2b_s390x |
| Red Hat | openshift4/ose-egress-http-proxy@sha256:b0e8398b265fe4312f07537a775b1cbf84b610e761417547f8a643d4fc604a83_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-egress-http-proxy@sha256:b0e8398b265fe4312f07537a775b1cbf84b610e761417547f8a643d4fc604a83_arm64, openshift4/ose-egress-http-proxy@sha256:b0e8398b265fe4312f07537a775b1cbf84b610e761417547f8a643d4fc604a83_arm64 |
…and 292 more
Timeline
- Feb 27, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 15, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7197 advisory
- https://access.redhat.com/security/updates/classification/#critical advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2228689 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2245180 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2251198 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2254210 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2258143 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2258165 issue
- https://issues.redhat.com/browse/OCPBUGS-12887 advisory
- https://issues.redhat.com/browse/OCPBUGS-18177 advisory
- https://issues.redhat.com/browse/OCPBUGS-18923 advisory
- https://issues.redhat.com/browse/OCPBUGS-19104 advisory
- https://issues.redhat.com/browse/OCPBUGS-19105 advisory
- https://issues.redhat.com/browse/OCPBUGS-19141 advisory
- https://issues.redhat.com/browse/OCPBUGS-19153 advisory
- https://issues.redhat.com/browse/OCPBUGS-19194 advisory
- https://issues.redhat.com/browse/OCPBUGS-19245 advisory
- https://issues.redhat.com/browse/OCPBUGS-19404 advisory
…and 52 more