Project

General

Profile

Bug #25169

CVE-2018-14664 - Persisted XSS on all pages that use breadcrumbs

Added by Marek Hulán over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

If user has the permission to edit resource which attribute is user in the breadcrumbs bar, it's not properly escaped allowing attacker to store code, that will be executed on client side. E.g. create a domain with name test.<b>com</b>, the go to it's edit form. See the breadcrumb didn't escape the HTML code.

This has been introduced in 1.18


Related issues

Related to Foreman - Feature #22855: Add redux container for breadcrumb switcherClosed2018-03-12
Related to Foreman - Bug #25503: Breadcrumb show allow truncation with full title in tooltip on mouse hoverClosed
Related to Foreman - Bug #26822: Create host in breadcrumbs in host detail page after creating a hostClosed

Associated revisions

Revision 3a0c10ce (diff)
Added by Amir Fefer over 4 years ago

Fixes #25169 - fix xss on pages with breadcrumbs

History

#1 Updated by Marek Hulán over 4 years ago

#2 Updated by Marek Hulán over 4 years ago

  • Related to Feature #22855: Add redux container for breadcrumb switcher added

#3 Updated by Marek Hulán over 4 years ago

#4 Updated by Amir Fefer over 4 years ago

  • Assignee set to Amir Fefer

#5 Updated by The Foreman Bot over 4 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6132 added

#6 Updated by Marek Hulán over 4 years ago

  • Bugzilla link set to 1638130

#7 Updated by Marek Hulán over 4 years ago

  • Subject changed from Persisted XSS on all pages that use breadcrumbs to CVE-2018-14664 - Persisted XSS on all pages that use breadcrumbs

#8 Updated by Tomer Brisker over 4 years ago

  • Fixed in Releases 1.18.3, 1.19.1, 1.20.0 added

#9 Updated by Amir Fefer over 4 years ago

  • Status changed from Ready For Testing to Closed

#10 Updated by Adam Ruzicka over 4 years ago

  • Related to Bug #25503: Breadcrumb show allow truncation with full title in tooltip on mouse hover added

#11 Updated by Tomer Brisker over 4 years ago

  • Bugzilla link changed from 1638130 to 1652999

#12 Updated by Tomer Brisker over 3 years ago

  • Related to Bug #26822: Create host in breadcrumbs in host detail page after creating a host added

Also available in: Atom PDF