CVE-2024-4812

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.
References
Link Resource
https://access.redhat.com/security/cve/CVE-2024-4812 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2280187 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:katello_project:katello:-:*:*:*:*:foreman:*:*
cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*

History

18 Jun 2024, 18:49

Type Values Removed Values Added
First Time Katello Project
Redhat satellite
Katello Project katello
Redhat
References () https://access.redhat.com/security/cve/CVE-2024-4812 - () https://access.redhat.com/security/cve/CVE-2024-4812 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2280187 - () https://bugzilla.redhat.com/show_bug.cgi?id=2280187 - Issue Tracking, Third Party Advisory
CPE cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
cpe:2.3:a:katello_project:katello:-:*:*:*:*:foreman:*:*

06 Jun 2024, 14:17

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla en el complemento Katello para Foreman, donde es posible almacenar código JavaScript malicioso en el campo "Descripción" de un usuario. Este código se puede ejecutar al abrir determinadas páginas, por ejemplo, Colecciones de hosts.

05 Jun 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-05 15:15

Updated : 2024-06-18 18:49


NVD link : CVE-2024-4812

Mitre link : CVE-2024-4812

CVE.ORG link : CVE-2024-4812


JSON object : View

Products Affected

katello_project

  • katello

redhat

  • satellite
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')