973550 – (CVE-2016-3097) VUL-0: CVE-2016-3097: spacewalk-java: Multiple XSS flaws

Bug 973550 (CVE-2016-3097) - VUL-0: CVE-2016-3097: spacewalk-java: Multiple XSS flaws

Summary: VUL-0: CVE-2016-3097: spacewalk-java: Multiple XSS flaws

Status:	RESOLVED FIXED

Alias:	CVE-2016-3097

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Galaxy Bugs
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/165424/
Whiteboard:	CVSSv2:RedHat:CVE-2016-3097:4.3:(AV:N...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-04-01 07:53 UTC by Johannes Segitz
Modified:	2016-05-20 00:15 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-04-01 07:53:10 UTC

rh#1322747

Group name is not properly escaped allowing XSS

An XSS vulnerability was found in WebUI when creating group with HTML via SSM or API and checking snapshot with this group join/leave.

Acknowledgments: Jan Hutař (Red Hat)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1322747
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3097

Comment 1 Swamp Workflow Management 2016-04-01 22:00:35 UTC

bugbot adjusting priority

Comment 2 Michael Calmer 2016-04-06 14:45:47 UTC

Are there patches available? Maybe this is in old perl code which was re-written on upstream. So there might be no patch in the public git.

Comment 3 Johannes Segitz 2016-04-08 11:30:06 UTC

(In reply to Michael Calmer from comment #2)
I think it is commit b6491eba7f942d424f6267045a417c747e2f1996

Comment 4 Silvio Moioli 2016-04-19 20:40:29 UTC

Merged.

Closing this bug, thanks everyone for cooperation.

Comment 5 Swamp Workflow Management 2016-05-20 00:15:36 UTC

SUSE-SU-2016:1367-1: An update that solves 5 vulnerabilities and has 24 fixes is now available.

Category: security (moderate)
Bug References: 922740,924298,958923,961002,961565,962253,966622,966737,966890,968257,968406,968851,970223,970425,970550,970672,970901,970989,971237,972341,973162,973432,973550,974010,974011,974315,976194,976826,978166
CVE References: CVE-2015-0284,CVE-2016-2103,CVE-2016-2104,CVE-2016-3079,CVE-2016-3097
Sources used:
SUSE Manager 2.1 (src):    cobbler-2.2.2-0.61.2, osad-5.11.33.11-15.2, rhnlib-2.5.69.8-11.2, spacewalk-backend-2.1.55.25-24.5, spacewalk-branding-2.1.33.16-18.2, spacewalk-certs-tools-2.1.6.10-18.3, spacewalk-java-2.1.165.23-20.1, spacewalk-utils-2.1.27.15-12.7, suseRegisterInfo-2.1.12-14.2, susemanager-2.1.24-23.1, susemanager-sync-data-2.1.15-30.2, susemanager-tftpsync-2.1.2-11.2