Lucene search

Veracode Vulnerability DatabaseVERACODE:20055

HistoryMay 16, 2019 - 3:44 a.m.

Cross-site Scripting (XSS)

2019-05-1603:44:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

Red Hat Satellite is vulnerable to cross-site scripting attacks. Remote authenticated attacker could exploit the Discovery Rule component when you are entering filter via the autocomplete functionality resulting in XSS.

CPENameOperatorVersion
tfm-rubygem-hammer_cli_katelloeq0.0.22.23__1.el7sat
tfm-rubygem-hammer_cli_katelloeq0.0.22.25__1.el7sat
tfm-rubygem-hammer_cli_katelloeq0.0.22.28__1.el7sat
tfm-rubygem-hammer_cli_katelloeq0.0.22.29__1.el7sat
tfm-rubygem-hammer_cli_katelloeq0.11.3.5__1.el7sat
tfm-rubygem-hammer_cli_katelloeq0.0.22.26__1.el7sat
rubygem-sinatraeq1.4.7__1.el7sat
rubygem-sinatraeq1.4.6__1.el7
rubygem-sinatraeq1.4.5__2.el7rhgs
rubygem-sinatraeq1.4.6__1.el7ost

Name	Operator	Version
tfm-rubygem-hammer_cli_katello	eq	0.0.22.23__1.el7sat
tfm-rubygem-hammer_cli_katello	eq	0.0.22.25__1.el7sat
tfm-rubygem-hammer_cli_katello	eq	0.0.22.28__1.el7sat
tfm-rubygem-hammer_cli_katello	eq	0.0.22.29__1.el7sat
tfm-rubygem-hammer_cli_katello	eq	0.11.3.5__1.el7sat
tfm-rubygem-hammer_cli_katello	eq	0.0.22.26__1.el7sat
rubygem-sinatra	eq	1.4.7__1.el7sat
rubygem-sinatra	eq	1.4.6__1.el7
rubygem-sinatra	eq	1.4.5__2.el7rhgs
rubygem-sinatra	eq	1.4.6__1.el7ost

Rows per page:

1-10 of 18641

References

www.securityfocus.com/bid/101245

access.redhat.com/documentation/en-us/red_hat_satellite/6.4/html/release_notes/

access.redhat.com/errata/RHSA-2018:2927

access.redhat.com/security/cve/CVE-2017-12175

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1052713

bugzilla.redhat.com/show_bug.cgi?id=1060745

bugzilla.redhat.com/show_bug.cgi?id=1155817

bugzilla.redhat.com/show_bug.cgi?id=1177766

bugzilla.redhat.com/show_bug.cgi?id=1197650

bugzilla.redhat.com/show_bug.cgi?id=1260733

bugzilla.redhat.com/show_bug.cgi?id=1265533

bugzilla.redhat.com/show_bug.cgi?id=1291730

bugzilla.redhat.com/show_bug.cgi?id=1295741

bugzilla.redhat.com/show_bug.cgi?id=1312098

bugzilla.redhat.com/show_bug.cgi?id=1328707

bugzilla.redhat.com/show_bug.cgi?id=1349150

bugzilla.redhat.com/show_bug.cgi?id=1356517

bugzilla.redhat.com/show_bug.cgi?id=1357256

bugzilla.redhat.com/show_bug.cgi?id=1372468

bugzilla.redhat.com/show_bug.cgi?id=1372731

bugzilla.redhat.com/show_bug.cgi?id=1379291

bugzilla.redhat.com/show_bug.cgi?id=1382069

bugzilla.redhat.com/show_bug.cgi?id=1386283

bugzilla.redhat.com/show_bug.cgi?id=1386908

bugzilla.redhat.com/show_bug.cgi?id=1389820

bugzilla.redhat.com/show_bug.cgi?id=1400058

bugzilla.redhat.com/show_bug.cgi?id=1409485

bugzilla.redhat.com/show_bug.cgi?id=1410264

bugzilla.redhat.com/show_bug.cgi?id=1410746

bugzilla.redhat.com/show_bug.cgi?id=1412596

bugzilla.redhat.com/show_bug.cgi?id=1416106

bugzilla.redhat.com/show_bug.cgi?id=1417015

bugzilla.redhat.com/show_bug.cgi?id=1417130

bugzilla.redhat.com/show_bug.cgi?id=1419060

bugzilla.redhat.com/show_bug.cgi?id=1425609

bugzilla.redhat.com/show_bug.cgi?id=1426739

bugzilla.redhat.com/show_bug.cgi?id=1428541

bugzilla.redhat.com/show_bug.cgi?id=1430022

bugzilla.redhat.com/show_bug.cgi?id=1430742

bugzilla.redhat.com/show_bug.cgi?id=1435973

bugzilla.redhat.com/show_bug.cgi?id=1439353

bugzilla.redhat.com/show_bug.cgi?id=1443505

bugzilla.redhat.com/show_bug.cgi?id=1443804

bugzilla.redhat.com/show_bug.cgi?id=1449011

bugzilla.redhat.com/show_bug.cgi?id=1452772

bugzilla.redhat.com/show_bug.cgi?id=1455006

bugzilla.redhat.com/show_bug.cgi?id=1455132

bugzilla.redhat.com/show_bug.cgi?id=1458383

bugzilla.redhat.com/show_bug.cgi?id=1458573

bugzilla.redhat.com/show_bug.cgi?id=1458754

bugzilla.redhat.com/show_bug.cgi?id=1464219

bugzilla.redhat.com/show_bug.cgi?id=1464512

bugzilla.redhat.com/show_bug.cgi?id=1468354

bugzilla.redhat.com/show_bug.cgi?id=1468359

bugzilla.redhat.com/show_bug.cgi?id=1470014

bugzilla.redhat.com/show_bug.cgi?id=1470761

bugzilla.redhat.com/show_bug.cgi?id=1474348

bugzilla.redhat.com/show_bug.cgi?id=1475121

bugzilla.redhat.com/show_bug.cgi?id=1478849

bugzilla.redhat.com/show_bug.cgi?id=1482540

bugzilla.redhat.com/show_bug.cgi?id=1483033

bugzilla.redhat.com/show_bug.cgi?id=1485805

bugzilla.redhat.com/show_bug.cgi?id=1486297

bugzilla.redhat.com/show_bug.cgi?id=1486782

bugzilla.redhat.com/show_bug.cgi?id=1487710

bugzilla.redhat.com/show_bug.cgi?id=1488291

bugzilla.redhat.com/show_bug.cgi?id=1489377

bugzilla.redhat.com/show_bug.cgi?id=1498588

bugzilla.redhat.com/show_bug.cgi?id=1498976

bugzilla.redhat.com/show_bug.cgi?id=1500593

bugzilla.redhat.com/show_bug.cgi?id=1515888

bugzilla.redhat.com/show_bug.cgi?id=1516623

bugzilla.redhat.com/show_bug.cgi?id=1527896

bugzilla.redhat.com/show_bug.cgi?id=1536487

bugzilla.redhat.com/show_bug.cgi?id=1538448

bugzilla.redhat.com/show_bug.cgi?id=1538479

bugzilla.redhat.com/show_bug.cgi?id=1539076

bugzilla.redhat.com/show_bug.cgi?id=1545314

bugzilla.redhat.com/show_bug.cgi?id=1552632

bugzilla.redhat.com/show_bug.cgi?id=1553869

bugzilla.redhat.com/show_bug.cgi?id=1553994

bugzilla.redhat.com/show_bug.cgi?id=1555310

bugzilla.redhat.com/show_bug.cgi?id=1557067

bugzilla.redhat.com/show_bug.cgi?id=1564577

bugzilla.redhat.com/show_bug.cgi?id=1570808

bugzilla.redhat.com/show_bug.cgi?id=1572290

bugzilla.redhat.com/show_bug.cgi?id=1572297

bugzilla.redhat.com/show_bug.cgi?id=1572305

bugzilla.redhat.com/show_bug.cgi?id=1579384

bugzilla.redhat.com/show_bug.cgi?id=1595777

bugzilla.redhat.com/show_bug.cgi?id=1608447

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175

projects.theforeman.org/issues/22042

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

Related for VERACODE:20055