oss-sec mailing list archives
CVE-2016-8639: Foreman stored XSS in orgs/locations in settings
From: Dominic Cleal <dominic () cleal org>
Date: Fri, 11 Nov 2016 12:56:55 +0000
CVE-2016-8639: Foreman settings dropdown menus may run stored XSS in organization/location name

If an organization or location is created with a name containing HTML, then the administrator-only Settings page will render the HTML as part of a dropdown menu. This may permit a stored XSS attack if an organization/location with HTML in the name is created, then an administrator attempts to change the default organization/location settings.

Mitigation: restrict permissions to organization and location creation, use the API or CLI instead to change the default organization/location settings.

Note: this CVE identifier has been assigned retrospectively, to describe a vulnerability that was fixed during a refactoring of the affected code.

This issue was reported by Sanket Jagtap.

Affects Foreman 1.11.0 to 1.12.4
Fix released in Foreman 1.13.0

Patch (a refactoring):
https://github.com/theforeman/foreman/commit/d163507797c5d9c20249aa4d858465cbb74be229

More information:
https://theforeman.org/security.html#2016-8639
http://projects.theforeman.org/issues/15037
https://theforeman.org

--
Dominic Cleal
dominic () cleal org
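The vulnerability class described above, as an added Ruby illustration that is not Foreman's code: a settings dropdown built by interpolating organization names straight into markup, beside the same dropdown with every value HTML-escaped, plus a check a test suite can run over the rendered output. The organization records and the `<i>`-tagged name are constructed sample data.

```ruby
require 'erb'

# Constructed sample organizations; the second name carries HTML markup.
ORGS = [
  { id: 1, name: 'Default Organization' },
  { id: 2, name: 'Acme <i>Labs</i>' }
].freeze

# Vulnerable pattern: the user-controlled name lands in the HTML as-is,
# so markup stored in the name is rendered by the administrator's browser.
def options_unescaped(orgs, selected_id = nil)
  orgs.map do |o|
    sel = o[:id] == selected_id ? ' selected' : ''
    "<option value=\"#{o[:id]}\"#{sel}>#{o[:name]}</option>"
  end.join("\n")
end

# Hardened pattern: every attribute and text value passes through
# ERB::Util.html_escape (the same escaping Rails applies to <%= %>).
def options_escaped(orgs, selected_id = nil)
  h = ERB::Util.method(:html_escape)
  orgs.map do |o|
    sel = o[:id] == selected_id ? ' selected' : ''
    "<option value=\"#{h.call(o[:id])}\"#{sel}>#{h.call(o[:name])}</option>"
  end.join("\n")
end

# Regression check: a rendered dropdown must contain <option> elements and
# nothing else. Any other element name means stored markup leaked through.
def only_option_tags?(html)
  tags = html.scan(%r{</?([a-zA-Z][a-zA-Z0-9]*)}).flatten.map(&:downcase)
  !tags.empty? && tags.all? { |t| t == 'option' }
end

if __FILE__ == $PROGRAM_NAME
  puts "unescaped safe? #{only_option_tags?(options_unescaped(ORGS))}" # false
  puts "escaped safe?   #{only_option_tags?(options_escaped(ORGS, 2))}" # true
  puts options_escaped(ORGS, 2)
end
```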