First published: Mon May 13 2024
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix
---|---|---
Katello | |
Red Hat Satellite | =6.0 |
CVE-2024-4812 has been classified as a high severity vulnerability due to the potential for stored cross-site scripting (XSS) attacks.
To fix CVE-2024-4812, it is recommended to upgrade to the latest patched version of the Katello plugin for Foreman.
CVE-2024-4812 affects all versions of the Katello plugin for Foreman and Red Hat Satellite 6.0.
Attackers can exploit CVE-2024-4812 to execute malicious JavaScript code in the context of a user’s browser, potentially leading to data theft and session hijacking.
CVE-2024-4812 is a stored XSS vulnerability and should be addressed alongside the other security practices that mitigate XSS.
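Because the issue is a stored XSS, a description saved before the upgrade remains in the database afterwards, so an administrator may want to audit existing user descriptions once the patched Katello is in place. The following is an added example, not code from Katello or Foreman: it assumes the `/api/users` JSON shape of the Foreman API (a `results` list with `login` and `description` fields), works on a constructed sample embedded inline, flags descriptions that carry HTML or script markup, and shows the HTML-encoding a renderer should apply to that field.

```python
import html
import json
import re

# Constructed sample in the shape of a Foreman /api/users response
# (assumption: field names follow the Foreman API; the values are test data).
SAMPLE_USERS_JSON = json.dumps({
    "results": [
        {"id": 1, "login": "admin", "description": "Site administrator"},
        {"id": 2, "login": "qa", "description": "<script>alert(1)</script>"},
        {"id": 3, "login": "ops", "description": "<img src=x onerror=alert(1)>"},
        {"id": 4, "login": "dev", "description": "Prefers a < b notation"},
    ]
})

# Markup that has no place in a free-text description field.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z][\w-]*[^>]*>"   # any HTML tag
    r"|\bon[a-z]+\s*="              # inline event handler attribute
    r"|javascript\s*:",             # javascript: URL scheme
    re.IGNORECASE,
)


def flag_descriptions(users_json: str) -> list[dict]:
    """Return the users whose description contains HTML or script markup."""
    users = json.loads(users_json)["results"]
    return [
        {"id": u["id"], "login": u["login"], "description": u["description"]}
        for u in users
        if u.get("description") and SUSPICIOUS.search(u["description"])
    ]


def render_safely(description: str) -> str:
    """HTML-encode a description before inserting it into a page."""
    return html.escape(description, quote=True)


if __name__ == "__main__":
    for hit in flag_descriptions(SAMPLE_USERS_JSON):
        print(f"user {hit['login']} (id {hit['id']}): {hit['description']!r}")
    print(render_safely("<script>alert(1)</script>"))
```

Against a live instance, replace `SAMPLE_USERS_JSON` with the body returned by an authenticated request to the users endpoint; the plain `a < b` description is left unflagged on purpose, since a bare `<` is not markup.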