CVE-2016-6320 - Vulnerability Details

Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Satellite Satellite Capsule
Theforeman	Foreman

Configuration 1 [-]

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Satellite 6.2 for RHEL 6
foreman-0:1.11.0.53-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
foreman-proxy-0:1.11.0.6-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
katello-0:3.0.0-12.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
katello-installer-base-0:3.0.0.57-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
python-qpid-0:0.30-10.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
satellite-0:6.2.2-1.1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
satellite-installer-0:6.2.0.12-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-bastion-0:3.2.0.10-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_openscap-0:0.5.3.18-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman-redhat_access-0:1.0.13-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_remote_execution-0:0.3.0.12-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_theme_satellite-0:0.1.28-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-hammer_cli_csv-0:2.1.0-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-hammer_cli_katello-0:0.0.22.26-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-katello-0:3.0.0.78-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-redhat_access_lib-0:1.0.4-1.el6sat	cpe:/a:redhat:satellite:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
foreman-0:1.11.0.53-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
foreman-proxy-0:1.11.0.6-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
katello-0:3.0.0-12.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
katello-installer-base-0:3.0.0.57-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
python-qpid-0:0.30-10.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
satellite-0:6.2.2-1.1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
satellite-installer-0:6.2.0.12-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-bastion-0:3.2.0.10-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_openscap-0:0.5.3.18-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman-redhat_access-0:1.0.13-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_remote_execution-0:0.3.0.12-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_theme_satellite-0:0.1.28-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-hammer_cli_csv-0:2.1.0-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-hammer_cli_katello-0:0.0.22.26-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-katello-0:3.0.0.78-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-redhat_access_lib-0:1.0.4-1.el6sat	cpe:/a:redhat:satellite_capsule:6.1::el6	RHBA-2016:1885	2016-09-14T00:00:00Z
Red Hat Satellite 6.2 for RHEL 7
foreman-0:1.11.0.53-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
foreman-proxy-0:1.11.0.6-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
katello-0:3.0.0-12.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
katello-installer-base-0:3.0.0.57-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
satellite-0:6.2.2-1.1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
satellite-installer-0:6.2.0.12-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-bastion-0:3.2.0.10-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_openscap-0:0.5.3.18-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman-redhat_access-0:1.0.13-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_remote_execution-0:0.3.0.12-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_theme_satellite-0:0.1.28-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-hammer_cli_csv-0:2.1.0-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-hammer_cli_katello-0:0.0.22.26-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-katello-0:3.0.0.78-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-redhat_access_lib-0:1.0.4-1.el7sat	cpe:/a:redhat:satellite:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
foreman-0:1.11.0.53-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
foreman-proxy-0:1.11.0.6-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
katello-0:3.0.0-12.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
katello-installer-base-0:3.0.0.57-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
satellite-0:6.2.2-1.1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
satellite-installer-0:6.2.0.12-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-bastion-0:3.2.0.10-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_openscap-0:0.5.3.18-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman-redhat_access-0:1.0.13-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_remote_execution-0:0.3.0.12-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-foreman_theme_satellite-0:0.1.28-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-hammer_cli_csv-0:2.1.0-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-hammer_cli_katello-0:0.0.22.26-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-katello-0:3.0.0.78-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z
tfm-rubygem-redhat_access_lib-0:1.0.4-1.el7sat	cpe:/a:redhat:satellite_capsule:6.2::el7	RHBA-2016:1885	2016-09-14T00:00:00Z

References

Link	Providers
http://projects.theforeman.org/issues/16022
http://www.securityfocus.com/bid/92431
https://access.redhat.com/errata/RHBA-2016:1885
https://bugzilla.redhat.com/show_bug.cgi?id=1365785
https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0
https://nvd.nist.gov/vuln/detail/CVE-2016-6320
https://theforeman.org/security.html#2016-6320
https://www.cve.org/CVERecord?id=CVE-2016-6320

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-08-19T21:00:00

Updated: 2024-08-06T01:29:18.439Z

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6320

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-08-19T21:59:15.290

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-6320

Redhat

Severity : Moderate

Publid Date: 2016-08-10T00:00:00Z

Links: CVE-2016-6320 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-09T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHBA-2016:1885", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHBA-2016:1885"}, {"name": "92431", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92431"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://theforeman.org/security.html#2016-6320"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365785"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://projects.theforeman.org/issues/16022"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:18.439Z"}, "title": "CVE Program Container", "references": [{"name": "RHBA-2016:1885", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHBA-2016:1885"}, {"name": "92431", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92431"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://theforeman.org/security.html#2016-6320"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365785"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://projects.theforeman.org/issues/16022"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-6320", "datePublished": "2016-08-19T21:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:18.439Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "matchCriteriaId": "A05803BC-E1D8-4EC0-8054-AA76B42D2D2B", "versionEndIncluding": "1.12.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form."}, {"lang": "es", "value": "Vulnerabilidad de XSS en app/assets/javascripts/host_edit_interfaces.js en Foreman en versiones anteriores a 1.12.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del identificador de dispositivo de interfaz de red en el formulario de interfaz del anfitri\u00f3n."}], "id": "CVE-2016-6320", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-19T21:59:15.290", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://projects.theforeman.org/issues/16022"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92431"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHBA-2016:1885"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365785"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://theforeman.org/security.html#2016-6320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://projects.theforeman.org/issues/16022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92431"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHBA-2016:1885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://theforeman.org/security.html#2016-6320"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Sanket Jagtap (Red Hat).", "affected_release": [{"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "foreman-0:1.11.0.53-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "foreman-proxy-0:1.11.0.6-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "katello-0:3.0.0-12.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "katello-installer-base-0:3.0.0.57-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "python-qpid-0:0.30-10.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "satellite-0:6.2.2-1.1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "satellite-installer-0:6.2.0.12-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-bastion-0:3.2.0.10-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-foreman_openscap-0:0.5.3.18-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-foreman-redhat_access-0:1.0.13-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-foreman_remote_execution-0:0.3.0.12-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.28-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-hammer_cli_csv-0:2.1.0-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-hammer_cli_katello-0:0.0.22.26-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-katello-0:3.0.0.78-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-redhat_access_lib-0:1.0.4-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "foreman-0:1.11.0.53-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "foreman-proxy-0:1.11.0.6-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "katello-0:3.0.0-12.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "katello-installer-base-0:3.0.0.57-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "python-qpid-0:0.30-10.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "satellite-0:6.2.2-1.1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "satellite-installer-0:6.2.0.12-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-bastion-0:3.2.0.10-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-foreman_openscap-0:0.5.3.18-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-foreman-redhat_access-0:1.0.13-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-foreman_remote_execution-0:0.3.0.12-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.28-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-hammer_cli_csv-0:2.1.0-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-hammer_cli_katello-0:0.0.22.26-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-katello-0:3.0.0.78-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-redhat_access_lib-0:1.0.4-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "foreman-0:1.11.0.53-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "foreman-proxy-0:1.11.0.6-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "katello-0:3.0.0-12.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "katello-installer-base-0:3.0.0.57-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "satellite-0:6.2.2-1.1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "satellite-installer-0:6.2.0.12-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-bastion-0:3.2.0.10-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-foreman_openscap-0:0.5.3.18-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-foreman-redhat_access-0:1.0.13-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-foreman_remote_execution-0:0.3.0.12-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.28-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-hammer_cli_csv-0:2.1.0-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-hammer_cli_katello-0:0.0.22.26-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-katello-0:3.0.0.78-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-redhat_access_lib-0:1.0.4-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "foreman-0:1.11.0.53-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "foreman-proxy-0:1.11.0.6-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "katello-0:3.0.0-12.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "katello-installer-base-0:3.0.0.57-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "satellite-0:6.2.2-1.1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "satellite-installer-0:6.2.0.12-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-bastion-0:3.2.0.10-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-foreman_openscap-0:0.5.3.18-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-foreman-redhat_access-0:1.0.13-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-foreman_remote_execution-0:0.3.0.12-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.28-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-hammer_cli_csv-0:2.1.0-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-hammer_cli_katello-0:0.0.22.26-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-katello-0:3.0.0.78-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}, {"advisory": "RHBA-2016:1885", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-redhat_access_lib-0:1.0.4-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2016-09-14T00:00:00Z"}], "bugzilla": {"description": "satellite6: stored XSS while provisioning new host", "id": "1365785", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365785"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form.", "A cross-site scripting (XSS) flaw was found in the \"Device Identifier\" field of the new host provisioning components of Red Hat Satellite. A user able to create a new host could exploit this flaw to perform XSS attacks against other Satellite users."], "name": "CVE-2016-6320", "public_date": "2016-08-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6320\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6320"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object