Bugzilla – Bug 973162
VUL-0: CVE-2016-3079: spacewalk-java: Multiple XSS issues in WebUI
Last modified: 2016-05-20 00:15:14 UTC
rh#1320940

Two XSS issues due to element creation in SSM (Perl stack) and displaying outside of it and two XSS issues on pages for entitlements management were reported.

There are two XSS issues due to element creation in SSM (Perl stack) and displaying outside of it

Version-Release number of selected component (if applicable):
spacewalk-java-2.3.8-129.el6sat.noarch
spacewalk-html-2.3.2-34.el6sat.noarch

How reproducible: always

Steps to Reproduce:
1/a. Systems -> select ~2 with Provisioning add-on entitlement -> [Manage] in upper right corner of the page
 /b. SSM -> Provisioning -> Tag Systems -> enter '"><script>alert()</script>' -> Tag Current Snapshots
 /c. SSM -> Systems -> <one_of_the_systems> -> Provisioning -> Snapshot Tags
2/a. Systems -> Systems Set Manager
 /b. SSM -> in "Groups: Create and manage groups" click "Create"
 /c. Fill name: '"><script>alert(1)</script>' and random description
 /d. Systems -> <random_system> -> Groups -> Join
 /e. join that group
 /f. you are redirected to Groups -> List/Leave

Actual results: In 1/c, 2/d and 2/f JavaScript alerts get executed

Expected results: No alerts

spacewalk github commit
https://github.com/spacewalkproject/spacewalk/commit/7920542f

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1320940
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3079
Description of problem: There are two XSS issues on pages for entitlements management.

Version-Release number of selected component (if applicable):
spacewalk-java-2.3.8-129.el6sat.noarch

How reproducible: always

Steps to Reproduce:
1. /rhn/systems/SystemEntitlements.do?"><script>alert(1)</script> (make sure you have some system registered)
2. /rhn/admin/multiorg/EntitlementDetails.do?label=enterprise_entitled"><script>alert(1)</script>

Actual results: JavaScript alert gets executed.

Expected results: Alert should not be executed.

commits:
https://github.com/spacewalkproject/spacewalk/commit/7b9ff9ad6caf91d789039ed106342c430223e55f
https://github.com/spacewalkproject/spacewalk/commit/d76cde9cf036f7fd42971fdaa49921907dbd6918
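Added example, not part of the bug report and not the code from the linked Spacewalk commits: a minimal Java regression check that feeds the two payload shapes reported above (a stored group/tag name and a reflected query string) through an unencoded and an encoded renderer. The markup shape, class name and method names are assumptions made for illustration only.

```java
public class XssEncodingDemo {
    // Payloads copied from the reproduction steps in this report.
    static final String STORED_NAME = "\"><script>alert(1)</script>";
    static final String REFLECTED_QUERY =
        "label=enterprise_entitled\"><script>alert(1)</script>";

    // Encode the five characters that can end a quoted attribute or open a tag.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Assumed "before" shape: stored name and raw query string concatenated as-is.
    static String renderUnsafe(String groupName, String query) {
        return "<form action=\"EntitlementDetails.do?" + query + "\">"
             + "<a title=\"" + groupName + "\">" + groupName + "</a></form>";
    }

    // Hardened shape: every untrusted value is encoded at the point of output.
    static String renderSafe(String groupName, String query) {
        String name = escapeHtml(groupName);
        return "<form action=\"EntitlementDetails.do?" + escapeHtml(query) + "\">"
             + "<a title=\"" + name + "\">" + name + "</a></form>";
    }

    // Regression check: the payload must never survive as live markup.
    static boolean hasLiveScript(String html) {
        return html.toLowerCase().contains("<script");
    }

    public static void main(String[] args) {
        String before = renderUnsafe(STORED_NAME, REFLECTED_QUERY);
        String after = renderSafe(STORED_NAME, REFLECTED_QUERY);
        System.out.println("unsafe live script: " + hasLiveScript(before));
        System.out.println("safe live script:   " + hasLiveScript(after));
        System.out.println(after);
        if (hasLiveScript(after)) throw new AssertionError("payload not encoded");
    }
}
```

The hand-written encoder keeps the example dependency-free; in a JSP code base the same effect normally comes from the view layer's own encoder, such as JSTL `<c:out>` or `fn:escapeXml`.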
bugbot adjusting priority
Merged. Closing this bug, thanks everyone for cooperation.
SUSE-SU-2016:1367-1: An update that solves 5 vulnerabilities and has 24 fixes is now available.

Category: security (moderate)
Bug References: 922740,924298,958923,961002,961565,962253,966622,966737,966890,968257,968406,968851,970223,970425,970550,970672,970901,970989,971237,972341,973162,973432,973550,974010,974011,974315,976194,976826,978166
CVE References: CVE-2015-0284,CVE-2016-2103,CVE-2016-2104,CVE-2016-3079,CVE-2016-3097
Sources used:
SUSE Manager 2.1 (src): cobbler-2.2.2-0.61.2, osad-5.11.33.11-15.2, rhnlib-2.5.69.8-11.2, spacewalk-backend-2.1.55.25-24.5, spacewalk-branding-2.1.33.16-18.2, spacewalk-certs-tools-2.1.6.10-18.3, spacewalk-java-2.1.165.23-20.1, spacewalk-utils-2.1.27.15-12.7, suseRegisterInfo-2.1.12-14.2, susemanager-2.1.24-23.1, susemanager-sync-data-2.1.15-30.2, susemanager-tftpsync-2.1.2-11.2