Vulnerability Description
A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Satellite | 6.13 |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:3387Vendor Advisory
- https://access.redhat.com/errata/RHSA-2023:6818
- https://access.redhat.com/security/cve/CVE-2023-0119Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2159104Issue TrackingVendor Advisory
- https://projects.theforeman.org/issues/35977
- https://access.redhat.com/errata/RHSA-2023:3387Vendor Advisory
- https://access.redhat.com/errata/RHSA-2023:6818
- https://access.redhat.com/security/cve/CVE-2023-0119Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2159104Issue TrackingVendor Advisory
- https://projects.theforeman.org/issues/35977
FAQ
What is CVE-2023-0119?
CVE-2023-0119 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existi...
How severe is CVE-2023-0119?
CVE-2023-0119 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0119?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Satellite, Redhat Enterprise Linux.