Controller: cross site scripting in automation controller ui
CVE-2022-3205

4.6MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Ansible Automation Platform 1.2; Red Hat Ansible Automation Platform 2
Vendor: CVE Published:; 13 September 2022

What is CVE-2022-3205?

Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection

References

https://access.redhat.com/security/cve/CVE-2022-3205

vdb-entryx_redhatRef

https://bugzilla.redhat.com/show_bug.cgi?id=2120597

issue-trackingx_redhatRef

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2022
Vulnerability Reserved
Sep 13, 2022

Credit

This issue was discovered by Oleg Sushchenko (Red Hat).