
List:       oss-security
Subject:    Re: [oss-security] Bodhi: Script injection
From:       Henri Salo <henri () nerv ! fi>
Date:       2019-10-30 7:26:36
Message-ID: 20191030072636.GA17423 () tunkki ! bugs ! fi

On Tue, Oct 29, 2019 at 10:12:35AM -0400, Randy Barlow wrote:
> A script injection vulnerability[0] was recently reported in Bodhi[1],
> and a patch[2] has been merged in response. Users with packager
> privileges were able to create or edit updates that included <script>
> tags.
> 
> There is not yet a CVE for this issue.
> 
> 
> [0] https://pagure.io/fedora-infrastructure/issue/8324
> [1] https://github.com/fedora-infra/bodhi
> [2] https://github.com/fedora-infra/bodhi/pull/3657

You can request a CVE via https://cveform.mitre.org/

-- 
Henri Salo