
CVSS: 5.4 | EPSS: 0% | CPEs: 2 | EXPL: 0

A stored cross-site scripting vulnerability was found in Foreman. The Comment section in the Hosts tab filters user input incorrectly. By exploiting this, an attacker with an existing account on the system can steal another user's session, make requests on behalf of that user, and obtain the user's credentials.
References:
https://access.redhat.com/errata/RHSA-2023:3387
https://access.redhat.com/errata/RHSA-2023:6818
https://access.redhat.com/security/cve/CVE-2023-0119
https://bugzilla.redhat.com/show_bug.cgi?id=2159104
https://projects.theforeman.org/issues/35977
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction with an attacker-controlled server by modifying the Referer header in an HTTP request for specific resources on the server.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2145254
https://access.redhat.com/security/cve/CVE-2022-4130
Weakness: CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 1

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field, and exposes them in read/write mode via the API () instead of marking the field as write-only. This flaw allows an attacker with sufficient privileges to read the stored tokens, resulting in a loss of confidentiality.
References:
https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234
https://access.redhat.com/security/cve/CVE-2022-3644
https://bugzilla.redhat.com/show_bug.cgi?id=2131990
Weaknesses: CWE-256: Plaintext Storage of a Password; CWE-522: Insufficiently Protected Credentials

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

A flaw was found in Satellite. When granular permissions related to an organization are granted, other permissions that allow the user to view and manage other organizations are granted as well. The highest threat from this vulnerability is to data confidentiality.
References:
https://access.redhat.com/security/cve/CVE-2021-3414
https://bugzilla.redhat.com/show_bug.cgi?id=1926139
Weakness: CWE-281: Improper Preservation of Permissions

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

A flaw was found in the Foreman project. A credential leak was identified that exposes the Azure Compute Profile password through the JSON output of the API. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References:
https://access.redhat.com/security/cve/CVE-2021-3590
https://bugzilla.redhat.com/show_bug.cgi?id=1969258
Weaknesses: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-319: Cleartext Transmission of Sensitive Information