RHSA-2023:7198
PUBLISHED
CVSS 6.1 MEDIUM
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials.
Risk Scores
CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-csi-external-snapshotter-rhel9@sha256:dbc1d01c07d82ef9de2a5aadfe829fa2fbc4e3c502d55285d80fba2cdf9e2e9e_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-csi-external-snapshotter-rhel9@sha256:dbc1d01c07d82ef9de2a5aadfe829fa2fbc4e3c502d55285d80fba2cdf9e2e9e_ppc64le |
| Red Hat | openshift4/ose-cluster-baremetal-operator-rhel9@sha256:604f501ad4812c8583c2899bdee750db2b60fa472a0f72432a0ed34fc8eed703_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-cluster-baremetal-operator-rhel9@sha256:604f501ad4812c8583c2899bdee750db2b60fa472a0f72432a0ed34fc8eed703_s390x, openshift4/ose-cluster-baremetal-operator-rhel9@sha256:604f501ad4812c8583c2899bdee750db2b60fa472a0f72432a0ed34fc8eed703_s390x |
| Red Hat | openshift4/egress-router-cni-rhel8@sha256:6c9d4266fc3a81515821436c68eac1e8e4e233fea923b8126998bf08038511af_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/egress-router-cni-rhel8@sha256:6c9d4266fc3a81515821436c68eac1e8e4e233fea923b8126998bf08038511af_s390x, openshift4/egress-router-cni-rhel8@sha256:6c9d4266fc3a81515821436c68eac1e8e4e233fea923b8126998bf08038511af_s390x, openshift4/egress-router-cni-rhel8@sha256:6c9d4266fc3a81515821436c68eac1e8e4e233fea923b8126998bf08038511af_s390x |
| Red Hat | openshift4/ose-multus-route-override-cni-rhel8@sha256:1f11d4136361a538d480b5106e3109643fffea79627f0f82a0d9463034cbf78f_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-multus-route-override-cni-rhel8@sha256:1f11d4136361a538d480b5106e3109643fffea79627f0f82a0d9463034cbf78f_arm64, openshift4/ose-multus-route-override-cni-rhel8@sha256:1f11d4136361a538d480b5106e3109643fffea79627f0f82a0d9463034cbf78f_arm64 |
| Red Hat | openshift4/ovirt-csi-driver-rhel8-operator@sha256:992c86825442e7e4801bdadad814cd8afca08d9f693da55320307418349e1f3c_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ovirt-csi-driver-rhel8-operator@sha256:992c86825442e7e4801bdadad814cd8afca08d9f693da55320307418349e1f3c_s390x, *, * |
| Red Hat | openshift4/ose-prometheus-config-reloader-rhel9@sha256:298020c336fdce989b516f29065932da3e4287f0b15c3c8dd811cedaf041d372_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-prometheus-config-reloader-rhel9@sha256:298020c336fdce989b516f29065932da3e4287f0b15c3c8dd811cedaf041d372_s390x, openshift4/ose-prometheus-config-reloader-rhel9@sha256:298020c336fdce989b516f29065932da3e4287f0b15c3c8dd811cedaf041d372_s390x, * |
| Red Hat | openshift4/ose-haproxy-router@sha256:d13a78f6da1a924beb5178da7e509335a38a918474f1b6f791dcdfd6d93239a4_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-haproxy-router@sha256:d13a78f6da1a924beb5178da7e509335a38a918474f1b6f791dcdfd6d93239a4_amd64, openshift4/ose-haproxy-router@sha256:d13a78f6da1a924beb5178da7e509335a38a918474f1b6f791dcdfd6d93239a4_amd64, openshift4/ose-haproxy-router@sha256:d13a78f6da1a924beb5178da7e509335a38a918474f1b6f791dcdfd6d93239a4_amd64 |
| Red Hat | openshift4/ose-cluster-config-api-rhel9@sha256:56226e2f354f1a12bf7dbed08a73e27e18600d3e79b3ea0542c0f32508ee52dc_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-cluster-config-api-rhel9@sha256:56226e2f354f1a12bf7dbed08a73e27e18600d3e79b3ea0542c0f32508ee52dc_amd64, openshift4/ose-cluster-config-api-rhel9@sha256:56226e2f354f1a12bf7dbed08a73e27e18600d3e79b3ea0542c0f32508ee52dc_amd64 |
| Red Hat | openshift4/ose-multus-cni@sha256:6981758a122958778a84a568977df38c643f9068b4bbd573134127f330c3cb45_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-multus-cni@sha256:6981758a122958778a84a568977df38c643f9068b4bbd573134127f330c3cb45_amd64, openshift4/ose-multus-cni@sha256:6981758a122958778a84a568977df38c643f9068b4bbd573134127f330c3cb45_amd64, openshift4/ose-multus-cni@sha256:6981758a122958778a84a568977df38c643f9068b4bbd573134127f330c3cb45_amd64 |
| Red Hat | openshift4/ose-cluster-kube-storage-version-migrator-rhel9-operator@sha256:64d5a4df7b9f9b7a0c272b09a1e9269821a67e533daf060de35ea1140ec5e057_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-cluster-kube-storage-version-migrator-rhel9-operator@sha256:64d5a4df7b9f9b7a0c272b09a1e9269821a67e533daf060de35ea1140ec5e057_ppc64le, openshift4/ose-cluster-kube-storage-version-migrator-rhel9-operator@sha256:64d5a4df7b9f9b7a0c272b09a1e9269821a67e533daf060de35ea1140ec5e057_ppc64le |
| Red Hat | openshift4/ose-openstack-cloud-controller-manager-rhel9@sha256:a2cc8b0c8ee7d119a49b7b7464ae2622f2e68a0c649aa5f7e4faea96013f1489_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-openstack-cloud-controller-manager-rhel9@sha256:a2cc8b0c8ee7d119a49b7b7464ae2622f2e68a0c649aa5f7e4faea96013f1489_s390x, openshift4/ose-openstack-cloud-controller-manager-rhel9@sha256:a2cc8b0c8ee7d119a49b7b7464ae2622f2e68a0c649aa5f7e4faea96013f1489_s390x |
| Red Hat | openshift4/ose-operator-registry-rhel9@sha256:7259b65d8ae04c89cf8c4211e4d9ddc054bb8aebc7f26fac6699b314dc40dbe3_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-operator-registry-rhel9@sha256:7259b65d8ae04c89cf8c4211e4d9ddc054bb8aebc7f26fac6699b314dc40dbe3_amd64 |
| Red Hat | openshift4/ose-kube-state-metrics-rhel9@sha256:7c840bf1cfbcce34df248f96497efdf48d085ae2d2fcae89d8f82609f381168e_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-kube-state-metrics-rhel9@sha256:7c840bf1cfbcce34df248f96497efdf48d085ae2d2fcae89d8f82609f381168e_amd64, openshift4/ose-kube-state-metrics-rhel9@sha256:7c840bf1cfbcce34df248f96497efdf48d085ae2d2fcae89d8f82609f381168e_amd64 |
| Red Hat | openshift4/ose-cluster-image-registry-rhel9-operator@sha256:87c91ce9fedd37a6d76e112532cc9d702c707f29b7ed5c3241a38f4122db2b2f_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-cluster-image-registry-rhel9-operator@sha256:87c91ce9fedd37a6d76e112532cc9d702c707f29b7ed5c3241a38f4122db2b2f_amd64, openshift4/ose-cluster-image-registry-rhel9-operator@sha256:87c91ce9fedd37a6d76e112532cc9d702c707f29b7ed5c3241a38f4122db2b2f_amd64, openshift4/ose-cluster-image-registry-rhel9-operator@sha256:87c91ce9fedd37a6d76e112532cc9d702c707f29b7ed5c3241a38f4122db2b2f_amd64 |
| Red Hat | openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:bc1a14c2b5546549a57e95c2fa3e44e9efb4fc73d35c8adf1e3150fe13565963_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:bc1a14c2b5546549a57e95c2fa3e44e9efb4fc73d35c8adf1e3150fe13565963_amd64, openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:bc1a14c2b5546549a57e95c2fa3e44e9efb4fc73d35c8adf1e3150fe13565963_amd64, openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:bc1a14c2b5546549a57e95c2fa3e44e9efb4fc73d35c8adf1e3150fe13565963_amd64 |
| Red Hat | openshift4/ose-cluster-kube-scheduler-rhel9-operator@sha256:b077309e1e11f50c1805b8d430fd81e12781e2a9bbc50e4de61b8f34a5511761_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-cluster-kube-scheduler-rhel9-operator@sha256:b077309e1e11f50c1805b8d430fd81e12781e2a9bbc50e4de61b8f34a5511761_s390x, openshift4/ose-cluster-kube-scheduler-rhel9-operator@sha256:b077309e1e11f50c1805b8d430fd81e12781e2a9bbc50e4de61b8f34a5511761_s390x, openshift4/ose-cluster-kube-scheduler-rhel9-operator@sha256:b077309e1e11f50c1805b8d430fd81e12781e2a9bbc50e4de61b8f34a5511761_s390x |
| Red Hat | openshift4/ose-prometheus-node-exporter@sha256:2b6da183147ebef148b28a723cda9021ed1187f17635655288085b42806e48df_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-prometheus-node-exporter@sha256:2b6da183147ebef148b28a723cda9021ed1187f17635655288085b42806e48df_arm64, openshift4/ose-prometheus-node-exporter@sha256:2b6da183147ebef148b28a723cda9021ed1187f17635655288085b42806e48df_arm64, openshift4/ose-prometheus-node-exporter@sha256:2b6da183147ebef148b28a723cda9021ed1187f17635655288085b42806e48df_arm64 |
| Red Hat | openshift4/ose-cluster-olm-operator-rhel8@sha256:7f5d0890f1c9441d8ec11968d2fa94b55d94a573fd60dbbc682375af711d298f_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-cluster-olm-operator-rhel8@sha256:7f5d0890f1c9441d8ec11968d2fa94b55d94a573fd60dbbc682375af711d298f_ppc64le |
| Red Hat | openshift4/ose-cluster-samples-rhel9-operator@sha256:8f2fb4d0dbc0a8a5fd9fd9bf7502399494c9e44dc23cf6b5ddd4e6a8723400fa_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-cluster-samples-rhel9-operator@sha256:8f2fb4d0dbc0a8a5fd9fd9bf7502399494c9e44dc23cf6b5ddd4e6a8723400fa_ppc64le, *, * |
| Red Hat | openshift4/ose-cluster-kube-apiserver-rhel9-operator@sha256:b2639f2485739dc14d2ab18032302c0cff4298882515dee7b5584b0342a63bd8_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
…and 1317 more
Exploit Intelligence
- Fast, parallel SSH discovery and security auditing across hosts and CIDR ranges: identifies SSH on any port in real time, then flags auth methods, weak crypto, Terrapin (CVE-2023-48795), and reused host keys. (github-poc-repo)
- Fast, parallel SSH discovery and security auditing across hosts and CIDR ranges: identifies SSH on any port in real time, then flags auth methods, weak crypto, Terrapin (CVE-2023-48795), and reused host keys. (github-poc)
- Mr-Whiskerss/SSH-Terrapin-Prefix-Truncation-Weakness-CVE-2023-48795-Checker (github-poc-repo)
- Mr-Whiskerss/SSH-Terrapin-Prefix-Truncation-Weakness-CVE-2023-48795-Checker (github-poc)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc-repo)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc)
- Plan v3 US-6: coredns-style fork fixture for Scanner E2E (CVE-2023-39325) (github-poc-repo)
- Plan v3 US-6: coredns-style fork fixture for Scanner E2E (CVE-2023-39325) (github-poc)
- Scanner for identifying servers running SSH software possibly vulnerable to CVE-2024-6387 and CVE-2023-48795. (github-poc)
- Scanner for identifying servers running SSH software possibly vulnerable to CVE-2024-6387 and CVE-2023-48795. (github-poc-repo)
…and 91 more exploits
Timeline
- Feb 27, 2024 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2023:7198 advisory
- https://access.redhat.com/security/updates/classification/#critical advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2178358 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2196656 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2224245 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2228689 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2235479 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2245180 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2251198 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2253323 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2253330 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2254210 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2256413 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2258143 issue
- https://issues.redhat.com/browse/OCPBUGS-10562 advisory
- https://issues.redhat.com/browse/OCPBUGS-10906 advisory
- https://issues.redhat.com/browse/OCPBUGS-11179 advisory
…and 1105 more