cnvd - cnvd-2016-11232

cnvd-2016-11232

Vulnerability from cnvd

Title: Foreman存在多个HTML注入漏洞

Description:

Foreman是一套用于物理和虚拟服务器中的生命周期管理工具。该工具提供服务开通、配置管理以及报告状态等功能。

Foreman存在多个HTML注入漏洞，由于程序未能充分验证用户提供的输入。攻击者可利用该漏洞窃取基于cookie的身份验证，在受影响的浏览器中执行HTML和脚本代码。

Severity: 中

Patch Name: Foreman存在多个HTML注入漏洞的补丁

Patch Description:

Foreman是一套用于物理和虚拟服务器中的生命周期管理工具。该工具提供服务开通、配置管理以及报告状态等功能。

Foreman存在多个HTML注入漏洞，由于程序未能充分验证用户提供的输入。攻击者可利用该漏洞窃取基于cookie的身份验证，在受影响的浏览器中执行HTML和脚本代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： https://theforeman.org/

Reference: http://www.securityfocus.com/bid/94263 https://bugzilla.redhat.com/show_bug.cgi?id=1393291

Impacted products

Name
Foreman Foreman >=1.11.0，<=1.12.4

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94263"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8639"
    }
  },
  "description": "Foreman\u662f\u4e00\u5957\u7528\u4e8e\u7269\u7406\u548c\u865a\u62df\u670d\u52a1\u5668\u4e2d\u7684\u751f\u547d\u5468\u671f\u7ba1\u7406\u5de5\u5177\u3002\u8be5\u5de5\u5177\u63d0\u4f9b\u670d\u52a1\u5f00\u901a\u3001\u914d\u7f6e\u7ba1\u7406\u4ee5\u53ca\u62a5\u544a\u72b6\u6001\u7b49\u529f\u80fd\u3002\r\n\r\nForeman\u5b58\u5728\u591a\u4e2aHTML\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5728\u53d7\u5f71\u54cd\u7684\u6d4f\u89c8\u5668\u4e2d\u6267\u884cHTML\u548c\u811a\u672c\u4ee3\u7801\u3002",
  "discovererName": "Sanket Jagtap (Red Hat).",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://theforeman.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11232",
  "openTime": "2016-11-17",
  "patchDescription": "Foreman\u662f\u4e00\u5957\u7528\u4e8e\u7269\u7406\u548c\u865a\u62df\u670d\u52a1\u5668\u4e2d\u7684\u751f\u547d\u5468\u671f\u7ba1\u7406\u5de5\u5177\u3002\u8be5\u5de5\u5177\u63d0\u4f9b\u670d\u52a1\u5f00\u901a\u3001\u914d\u7f6e\u7ba1\u7406\u4ee5\u53ca\u62a5\u544a\u72b6\u6001\u7b49\u529f\u80fd\u3002\r\n\r\nForeman\u5b58\u5728\u591a\u4e2aHTML\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5728\u53d7\u5f71\u54cd\u7684\u6d4f\u89c8\u5668\u4e2d\u6267\u884cHTML\u548c\u811a\u672c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Foreman\u5b58\u5728\u591a\u4e2aHTML\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Foreman Foreman \u003e=1.11.0\uff0c\u003c=1.12.4"
  },
  "referenceLink": "http://www.securityfocus.com/bid/94263\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1393291",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-14",
  "title": "Foreman\u5b58\u5728\u591a\u4e2aHTML\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2016-8639 (GCVE-0-2016-8639)

Vulnerability from cvelistv5

Published

2018-08-01 13:00

Modified

2024-08-06 02:27

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Summary

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:0336	vendor-advisory, x_refsource_REDHAT
	https://github.com/theforeman/foreman/pull/3523	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94263	vdb-entry, x_refsource_BID
	https://projects.theforeman.org/issues/15037	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	The Foreman Project	foreman	Version: 1.13.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.125Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639"
          },
          {
            "name": "RHSA-2018:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0336"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/theforeman/foreman/pull/3523"
          },
          {
            "name": "94263",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94263"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://projects.theforeman.org/issues/15037"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "foreman",
          "vendor": "The Foreman Project",
          "versions": [
            {
              "status": "affected",
              "version": "1.13.0"
            }
          ]
        }
      ],
      "datePublic": "2016-05-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-02T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639"
        },
        {
          "name": "RHSA-2018:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0336"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/theforeman/foreman/pull/3523"
        },
        {
          "name": "94263",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94263"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://projects.theforeman.org/issues/15037"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-8639",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "foreman",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.13.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Foreman Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            [
              {
                "vectorString": "4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639"
            },
            {
              "name": "RHSA-2018:0336",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0336"
            },
            {
              "name": "https://github.com/theforeman/foreman/pull/3523",
              "refsource": "CONFIRM",
              "url": "https://github.com/theforeman/foreman/pull/3523"
            },
            {
              "name": "94263",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94263"
            },
            {
              "name": "https://projects.theforeman.org/issues/15037",
              "refsource": "CONFIRM",
              "url": "https://projects.theforeman.org/issues/15037"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8639",
    "datePublished": "2018-08-01T13:00:00",
    "dateReserved": "2016-10-12T00:00:00",
    "dateUpdated": "2024-08-06T02:27:41.125Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted