Vulnerability Name: | CVE-2021-3529 (CCN-202921) | ||||||||||||
Assigned: | 2021-05-27 | ||||||||||||
Published: | 2021-05-27 | ||||||||||||
Updated: | 2021-06-15 | ||||||||||||
Summary: | A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. | ||||||||||||
CVSS v3 Severity: | 7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:H/RL:O/RC:C)
4.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-79 | ||||||||||||
Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-3529 Source: CCN Type: Red Hat Bugzilla - Bug 1950479 (CVE-2021-3529) - CVE-2021-3529 noobaa-core: Cross-site scripting vulnerability with noobaa management URL Source: MISC Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1950479 Source: XF Type: UNKNOWN noobaa-cve20213529-xss(202921) Source: CCN Type: noobaa-core GIT Repository noobaa-core | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable | ||||||||||||
BACK |