CVE-2017-7514

4.3MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Satellite
Vendor: CVE Published:; 30 July 2018

Summary

A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.

Affected Version(s)

Red Hat Satellite 5.8.0

References

https://access.redhat.com/errata/RHSA-2017:1558

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7514

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2018
Vulnerability Reserved
Apr 5, 2017