Bug #16024
Foreman form helpers do not escape JS when rendering label
| Status: | Closed | ||
|---|---|---|---|
| Priority: | Normal | ||
| Assignee: |  Marek Hulán | ||
| Category: | Security | ||
| Target version: | 1.12.2 | ||
| Difficulty: | Team Backlog: | ||
| Triaged: | Fixed in Releases: | ||
| Bugzilla link: | Found in Releases: | 1.6.0 | |
| Pull request: | https://github.com/theforeman/foreman/pull/3715 | ||
Description
The issue was introduced in Foreman 1.6. There's only one dynamic :label => in Foreman that uses MailNotification name which we don't allow users to modify so there's no vulnerable code in Foreman. But remote execution plugin that rely on this label to be escaped. Setting to 1.12.2, feel free to reset. For REX this is pretty important though.
Related issues
Associated revisions
Fixes #16024 - escape labels of form fields
Fixes #16024 - escape labels of form fields
(cherry picked from commit 0f35fe14acf0d0d3b55e9337bc5e2b9640ff2372)
History
#1
Updated by The Foreman Bot almost 2 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3715 added
#2
Updated by Marek Hulán almost 2 years ago
- Category changed from Web Interface to Security
#3
Updated by Marek Hulán almost 2 years ago
- Related to Bug #16019: CVE-2016-6319 - Persistent XSS in job invocation form triggered by unescaped user input name added
#4
Updated by Marek Hulán almost 2 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 0f35fe14acf0d0d3b55e9337bc5e2b9640ff2372.