Bug #6580

CVE-2014-3531 - XSS in operating system name / description

Added by Dominic Cleal over 3 years ago. Updated over 3 years ago.

Status:Closed
Priority:High
Assigned To:Daniel Lobato Garcia
Category:Security
Target version:Sprint 26
Difficulty: Bugzilla link:1106417
Found in release: Pull request:https://github.com/theforeman/foreman/pull/1580
Story points-
Velocity based estimate-
Release1.5.2Release relationshipAuto

Description

Reported by Jan Hutaƙ via RHBZ:

There is a possible XSS with operating system name/description.

Version-Release number of selected component (if applicable):
Satellite-6.0.3-RHEL-6-20140605.0

How reproducible:
always

Steps to Reproduce:
1. Go to Hosts -> Operating systems -> Create new operating system
2. Fill "Name: T<b>OD</b>O" in
- OR -
Fill some "Name" and "Description: T<b>OD</b>O" in
3. Submit

Actual results:
In a list of operating systems unescaped string is displayed

Expected results:
HTML should be escaped

Associated revisions

Revision 98e584f5
Added by Daniel Lobato Garcia over 3 years ago

Fixes #6580 - XSS in operating system name/description (CVE-2014-3531)

Revision bc7e27c5
Added by Daniel Lobato Garcia over 3 years ago

Fixes #6580 - XSS in operating system name/description (CVE-2014-3531)

(cherry picked from commit 98e584f5a7860fb92a9916d5e5ec524372e3f8ae)

History

#1 Updated by Dominic Cleal over 3 years ago

  • Subject changed from XSS in operating system name / description to CVE-2014-3531 - XSS in operating system name / description

#2 Updated by Daniel Lobato Garcia over 3 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/1580 added

#3 Updated by Daniel Lobato Garcia over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by The Foreman Bot over 3 years ago

  • Status changed from Closed to Ready For Testing

#5 Updated by Dominic Cleal over 3 years ago

  • Status changed from Ready For Testing to Closed

#6 Updated by Dominic Cleal over 3 years ago

Fix released today in Foreman 1.5.2. Details posted on http://theforeman.org/security.html#2014-3531.

Also available in: Atom PDF