Lucene search

Redhat.comRH:CVE-2023-46998

HistoryNov 09, 2023 - 11:14 p.m.

CVE-2023-46998

2023-11-0923:14:44

redhat.com

access.redhat.com

vulnerability

remote attack

arbitrary code

confidentiality compromise

integrity compromise

sanitize input

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.3%

JSON

A flaw was discovered in bootbox.js. This issue may allow a remote attacker to execute arbitrary code using a specially crafted payload, compromising the confidentiality and integrity of sensitive data.

Mitigation

Sanitize input before adding it to a DOM element using jquery.

References

bugzilla.redhat.com/show_bug.cgi?id=2248972

nvd.nist.gov/vuln/detail/CVE-2023-46998

www.cve.org/CVERecord?id=CVE-2023-46998

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for RH:CVE-2023-46998