CVE-2018-16861
Last modified
CVE-2018-16861 is a vulnerability of currently unknown severity. A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. EPSS estimates a 0.88% chance of exploitation in the next 30 days.
Description
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Theforeman | Foreman | < 1.18.3 | — |
| Theforeman | Foreman | >= 1.19.0, < 1.19.1 | — |
| Theforeman | Foreman | 1.20.0 | Rc1 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16861Issue Tracking, Patch, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16861Issue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-16861?
How severe is CVE-2018-16861?
How do I fix CVE-2018-16861?
Are you affected by CVE-2018-16861?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST