CVE-2022-3205: Controller: cross site scripting in automation controller ui
First published: Tue Aug 23 2022(Updated: )
An XSS exists in automation controller UI where the project name is susceptible to XSS injection.POC and INC ticket below
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Ansible Automation Platform | =1.2 | |
| Redhat Ansible Automation Platform | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-3205?
CVE-2022-3205 is a vulnerability in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection.
What software versions are affected by CVE-2022-3205?
Red Hat Ansible Automation Platform versions 1.2 and 2.0 are affected by CVE-2022-3205.
How severe is CVE-2022-3205?
CVE-2022-3205 has a severity rating of medium with a CVSS score of 6.1.
How can I fix CVE-2022-3205?
To fix CVE-2022-3205, it is recommended to upgrade to a patched version of Red Hat Ansible Automation Platform.
Where can I find more information about CVE-2022-3205?
More information about CVE-2022-3205 can be found on the Red Hat Bugzilla page (https://bugzilla.redhat.com/show_bug.cgi?id=2120597) and the Red Hat Security Advisory page (https://access.redhat.com/security/cve/CVE-2022-3205).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/event
- agent/description
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-3205
- vendor/redhat
- canonical/redhat ansible automation platform
- version/redhat ansible automation platform/1.2
- version/redhat ansible automation platform/2.0