Project

General

Profile

Actions
Copy link

Bug #16024

closed

Foreman form helpers do not escape JS when rendering label

Added by Marek Hulán over 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Marek Hulán
Category:
Security
Target version:
1.12.2
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/3715
Fixed in Releases:
Found in Releases:
1.6.0
Red Hat JIRA:

Description

The issue was introduced in Foreman 1.6. There's only one dynamic :label => in Foreman that uses MailNotification name which we don't allow users to modify so there's no vulnerable code in Foreman. But remote execution plugin that rely on this label to be escaped. Setting to 1.12.2, feel free to reset. For REX this is pretty important though.

Related issues 1 (0 open1 closed)

Related to Foreman Remote Execution - Bug #16019: CVE-2016-6319 - Persistent XSS in job invocation form triggered by unescaped user input nameResolvedMarek Hulán08/09/2016Actions
Actions
Copy link
 #1

Updated by The Foreman Bot over 8 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3715 added
Actions
Copy link
 #2

Updated by Marek Hulán over 8 years ago

  • Category changed from Web Interface to Security
Actions
Copy link
 #3

Updated by Marek Hulán over 8 years ago

  • Related to Bug #16019: CVE-2016-6319 - Persistent XSS in job invocation form triggered by unescaped user input name added
Actions
Copy link
 #4

Updated by Marek Hulán over 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF