Bug #6149

closed

CVE-2014-3492 - XSS in host YAML view

Added by Dominic Cleal almost 11 years ago. Updated almost 7 years ago.

Status: Closed
Priority: Urgent
Category: Security
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

The host YAML view (preview of YAML data for Puppet) is vulnerable to cross-site scripting attacks, when data relating to the host (such as parameters) contains HTML content.

1. Edit a host, add a parameter with HTML as its name or value
2. View the host, click the YAML button
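
The class of bug described above, shown as an added Ruby example (not Foreman's code and not the fix applied for this issue): a YAML preview placed into an HTML response unescaped, next to the same preview escaped at output. The function names and the sample host data are hypothetical and constructed for illustration.

```ruby
require "yaml"
require "erb"

# Constructed sample data: one host parameter whose name and value contain
# HTML, as in the reproduction steps, plus one ordinary parameter.
SAMPLE_HOST_INFO = {
  "parameters" => {
    "<b>name</b>" => "<script>alert(1)</script>",
    "ntp_server"  => "ntp.example.com"
  }
}.freeze

# Unsafe: the YAML text is interpolated into the HTML response as-is, so any
# markup stored in host data is interpreted by the browser.
def render_yaml_preview_unsafe(info)
  "<pre>#{info.to_yaml}</pre>"
end

# Hardened: HTML-escape the YAML text at the point of output. The stored data
# is unchanged; only its HTML representation is encoded.
def render_yaml_preview_escaped(info)
  "<pre>#{ERB::Util.html_escape(info.to_yaml)}</pre>"
end

# Regression check (hypothetical helper): true if anything between the outer
# <pre> tags would still be parsed as markup.
def contains_raw_markup?(html_fragment)
  inner = html_fragment.sub(/\A<pre>/, "").sub(%r{</pre>\z}, "")
  inner.match?(/[<>]/)
end

if __FILE__ == $PROGRAM_NAME
  puts render_yaml_preview_unsafe(SAMPLE_HOST_INFO)
  puts render_yaml_preview_escaped(SAMPLE_HOST_INFO)
end
```
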



#1

Updated by Lukas Zapletal almost 11 years ago

  • Status changed from New to Assigned
  • Assignee set to Lukas Zapletal
#3

Updated by Lukas Zapletal almost 11 years ago

  • Status changed from Assigned to Ready For Testing
#4

Updated by Dominic Cleal almost 11 years ago

  • Subject changed from EMBARGOED: XSS in host YAML view to EMBARGOED: CVE-2014-3492 - XSS in host YAML view
#5

Updated by Dominic Cleal almost 11 years ago

  • Status changed from Ready For Testing to Pending
#6

Updated by Dominic Cleal almost 11 years ago

  • Target version changed from 1.8.2 to 1.8.1
#7

Updated by Dominic Cleal almost 11 years ago

  • Translation missing: en.field_release changed from 16 to 19
#8

Updated by Dominic Cleal almost 11 years ago

  • Subject changed from EMBARGOED: CVE-2014-3492 - XSS in host YAML view to CVE-2014-3492 - XSS in host YAML view
  • Description updated (diff)
  • Private changed from Yes to No
#9

Updated by Lukas Zapletal almost 11 years ago

  • Status changed from Pending to Closed
  • % Done changed from 0 to 100