List: oss-security
Subject: Re: [oss-security] Bodhi: Script injection
From: Henri Salo <henri () nerv ! fi>
Date: 2019-10-30 7:26:36
Message-ID: 20191030072636.GA17423 () tunkki ! bugs ! fi
On Tue, Oct 29, 2019 at 10:12:35AM -0400, Randy Barlow wrote:
> A script injection vulnerability[0] was recently reported in Bodhi[1],
> and a patch[2] has been merged in response. Users with packager
> privileges were able to create or edit updates that included <script>
> tags.
>
> There is not yet a CVE for this issue.
>
>
> [0] https://pagure.io/fedora-infrastructure/issue/8324
> [1] https://github.com/fedora-infra/bodhi
> [2] https://github.com/fedora-infra/bodhi/pull/3657
You can request a CVE via https://cveform.mitre.org/
--
Henri Salo