Project

General

Profile

Actions

Bug #25169

closed

CVE-2018-14664 - Persisted XSS on all pages that use breadcrumbs

Added by Marek Hulán almost 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

If user has the permission to edit resource which attribute is user in the breadcrumbs bar, it's not properly escaped allowing attacker to store code, that will be executed on client side. E.g. create a domain with name test.<b>com</b>, the go to it's edit form. See the breadcrumb didn't escape the HTML code.

This has been introduced in 1.18


Related issues 3 (0 open3 closed)

Related to Foreman - Feature #22855: Add redux container for breadcrumb switcherClosedAmir Fefer03/12/2018Actions
Related to Foreman - Bug #25503: Breadcrumb show allow truncation with full title in tooltip on mouse hoverClosedAdam RuzickaActions
Related to Foreman - Bug #26822: Create host in breadcrumbs in host detail page after creating a hostClosedTomer BriskerActions
Actions #1

Updated by Marek Hulán almost 6 years ago

Actions #2

Updated by Marek Hulán almost 6 years ago

  • Related to Feature #22855: Add redux container for breadcrumb switcher added
Actions #3

Updated by Marek Hulán almost 6 years ago

Actions #4

Updated by Amir Fefer almost 6 years ago

  • Assignee set to Amir Fefer
Actions #5

Updated by The Foreman Bot almost 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6132 added
Actions #6

Updated by Marek Hulán almost 6 years ago

  • Bugzilla link set to 1638130
Actions #7

Updated by Marek Hulán almost 6 years ago

  • Subject changed from Persisted XSS on all pages that use breadcrumbs to CVE-2018-14664 - Persisted XSS on all pages that use breadcrumbs
Actions #8

Updated by Tomer Brisker almost 6 years ago

  • Fixed in Releases 1.18.3, 1.19.1, 1.20.0 added
Actions #9

Updated by Amir Fefer almost 6 years ago

  • Status changed from Ready For Testing to Closed
Actions #10

Updated by Adam Ruzicka almost 6 years ago

  • Related to Bug #25503: Breadcrumb show allow truncation with full title in tooltip on mouse hover added
Actions #11

Updated by Tomer Brisker almost 6 years ago

  • Bugzilla link changed from 1638130 to 1652999
Actions #12

Updated by Tomer Brisker about 5 years ago

  • Related to Bug #26822: Create host in breadcrumbs in host detail page after creating a host added
Actions

Also available in: Atom PDF