VYPR
Moderate severityNVD Advisory· Published Jan 13, 2019· Updated Aug 5, 2024

CVE-2018-16887

CVE-2018-16887

Description

A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
katelloRubyGems
< 3.9.03.9.0

Affected products

2
  • ghsa-coords
    Range: < 3.9.0
  • The Katello Project/katellov5
    Range: 3.9.0

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.