
List:       oss-security
Subject:    Re: [oss-security] CVE request: crowbar XSS
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-08-31 4:32:59
Message-ID: 50403E7B.1020705 () redhat ! com

On 08/30/2012 06:15 AM, Thomas Biege wrote:
> 
> Hi,
> Matthias Weckbecker of SUSE Linux Products GmbH has found the following
> issue in crowbar:
> 
> http://crowbar.test.de:3000/utils?waiting=true&file=foo'%3B})%3B}alert(document.cookie)</script><!--
> 
> https://github.com/SUSE-Cloud/barclamp-crowbar/commit/90e905b7668a1cc884fb70040f96c7a0a287de48
> https://github.com/SUSE-Cloud/barclamp-crowbar/commit/a82ed926c6e3ba2b0cada213c35e4b00f34ea629
> 
> Cheers,
> Thomas

Please use CVE-2012-3551 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
