Norman API Cross-site Scripting Vulnerability

🗓️ 08 Feb 2024 18:45:49Reported by GitHub Advisory DatabaseType

A vulnerability in Norman's API allows unauthenticated cross-site scripting, enabling remote code execution. Fixed in patch versions 3bb70b7, a6a6cf5, cb54924, 7b2b467, bd13c65

Reporter	Title	Published	Views	Family All 18
Chainguard	CVE-2023-32193 vulnerabilities	16 Oct 202413:15	–	cgr
Circl	CVE-2023-32193	16 Oct 202416:22	–	circl
CNNVD	Rancher 安全漏洞	16 Oct 202400:00	–	cnnvd
CVE	CVE-2023-32193	16 Oct 202412:27	–	cve
Cvelist	CVE-2023-32193 Norman API Cross-site Scripting Vulnerability	16 Oct 202412:27	–	cvelist
EUVD	EUVD-2024-0711	3 Oct 202520:07	–	euvd
NVD	CVE-2023-32193	16 Oct 202413:15	–	nvd
OSV	CGA-9P63-FMHC-FJMF	25 Sep 202405:19	–	osv
OSV	CGA-MP2J-P47V-RWCW	29 Jan 202600:47	–	osv
OSV	CGA-RG66-Q68H-9C34	25 Sep 202405:33	–	osv

Vulners

Node

rancher normanRange<0.0.0-20240207153100-3bb70b772b52go

Source	Link
github	www.github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6
github	www.github.com/rancher/norman/commit/3bb70b772b52297feac64f5fdeb1b13c06c37e39
github	www.github.com/rancher/norman/commit/7b2b467995e6dfab6d4a5dee8dffc15033ae8269
github	www.github.com/rancher/norman/commit/a6a6cf5696088c32002953d36b75bdcc84f2399e
github	www.github.com/rancher/norman/commit/bd13c653293b9b5e0b37e8a6ccd1c3277f4623ed
github	www.github.com/rancher/norman/commit/cb54924f25c7666511a913cd41834299ef22dba4
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-32193
bugzilla	www.bugzilla.suse.com/show_bug.cgi
github	www.github.com/advisories/GHSA-r8f4-hv23-6qp6

16 Oct 2024 17:25Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18.3

EPSS0.00227

SSVC

CWE-80