Cross-Site Scripting Vulnerability in Bodhi by Fedora
CVE-2017-1002152

6.1MEDIUM

Key Information:

Vendor: Fedora Project Infrastructure
Status: Bodhi
Vendor: CVE Published:; 3 October 2022

🔔 Create Fedora Project Infrastructure Vulnerability Alert

What is CVE-2017-1002152?

Bodhi versions 2.9.0 and earlier are susceptible to cross-site scripting (XSS) attacks due to improper validation of bug titles. This flaw allows attackers to inject malicious code that can be executed in the context of an affected user's browser. As a result, this vulnerability poses significant risks, potentially enabling unauthorized actions or data exposure. Users of Bodhi should ensure they are using the latest patched version to mitigate these risks.

Affected Version(s)

Bodhi <= 2.9.0

References

https://github.com/fedora-infra/bodhi/issues/1740

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Oct 3, 2022

JSON