Vulnerability Details : CVE-2018-16861
A cross-site scripting (XSS) flaw was found in the foreman component of Satellite. An attacker with the privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer menus is able to execute XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher-privileged users. Foreman versions before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.
Vulnerability category: Cross-site scripting (XSS), Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2018-16861
Probability of exploitation activity in the next 30 days: 0.05%
Percentile (the proportion of vulnerabilities scored at or below this value): ~20%
CVSS scores for CVE-2018-16861
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST
4.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 | NIST
7.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L | 2.1 | 5.5 | Red Hat, Inc.
CWE ids for CVE-2018-16861
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2018-16861
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16861
  1645201 – (CVE-2018-16861) CVE-2018-16861 foreman: stored XSS in success notification after entity creation (Issue Tracking; Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:1222
  RHSA-2019:1222 - Security Advisory - Red Hat Customer Portal
Products affected by CVE-2018-16861
- cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
- cpe:2.3:a:theforeman:foreman:1.20.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:theforeman:foreman:1.20.0:rc2:*:*:*:*:*:*