Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
Metrics
No CVSS v4.0
No CVSS v3.1
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Changed
Confidentiality Impact Low
Integrity Impact Low
Availability Impact None
User Interaction Required
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:M/Au:N/C:N/I:P/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Redhat |
|
Sinatrarb |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
CloudForms Management Engine 5.10 | |||
ansible-runner-0:1.1.2-2.el7ar | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ansible-tower-0:3.3.3-1.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
bubblewrap-0:0.1.7-1.el7 | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
cfme-0:5.10.0.33-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
cfme-amazon-smartstate-0:5.10.0.33-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
cfme-appliance-0:5.10.0.33-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
cfme-gemset-0:5.10.0.33-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
dbus-api-service-0:1.0.1-5.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
dumb-init-0:1.2.0-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
erlang-0:19.3.6.7-1.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
google-compute-engine-0:2.0.0-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
google-config-0:2.0.0-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
httpd-configmap-generator-0:0.2.2-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
nginx-1:1.10.2-1.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-cluster-upgrade-0:1.1.8-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-disaster-recovery-0:1.1.2-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-engine-setup-0:1.1.5-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-image-template-0:1.1.8-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-infra-0:1.1.8-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-manageiq-0:1.1.12-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-repositories-0:1.1.2-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-roles-0:1.1.5-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-shutdown-env-0:1.0.0-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-v2v-conversion-host-0:1.6.3-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ovirt-ansible-vm-infra-0:1.1.10-1.el7ev | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
postgresql96-0:9.6.10-1PGDG.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
prince-0:9.0r2-10.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
pyOpenSSL-0:17.3.0-4.el7ost | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-bambou-0:3.0.1-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-colorama-0:0.3.7-2.el7ost | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-crypto-0:2.6.1-16.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-daemon-0:2.1.2-7.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-funcsigs-0:1.0.2-1.el7ost | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-future-0:0.16.0-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-lockfile-1:0.11.0-10.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-meld3-0:0.6.10-1.el7 | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-mock-0:2.0.0-1.el7ost | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-pbr-0:3.1.1-2.el7ost | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-pexpect-0:4.6-1.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-psutil-0:5.4.3-2.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-ptyprocess-0:0.5.2-3.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-pylxca-0:2.1.1-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-pysocks-0:1.5.6-3.el7ost | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-requests-0:2.14.2-1.el7ost | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-requests-toolbelt-0:0.8.0-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-tabulate-0:0.8.2-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-urllib3-0:1.21.1-1.2.el7ost | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
python-vspk-0:5.3.2-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
qpid-proton-0:0.19.0-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rabbitmq-server-0:3.7.4-1.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rh-postgresql95-postgresql-pglogical-0:2.1.0-4.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rh-postgresql95-repmgr-0:4.0.6-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
ruby-0:2.4.5-90.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-bcrypt-0:3.1.12-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-ffi-0:1.9.25-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-hamlit-0:2.8.8-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-http_parser.rb-0:0.6.0-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-json-0:2.1.0-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-linux_block_device-0:0.2.1-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-memory_buffer-0:0.1.0-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-nio4r-0:2.3.1-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-nokogiri-0:1.8.2-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-ovirt-engine-sdk4-0:4.2.4-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-pg-0:0.18.4-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-puma-0:3.7.1-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-qpid_proton-0:0.22.0-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-redhat_access_cfme-0:2.0.3-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-redhat_access_lib-0:1.1.4-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-rugged-0:0.27.4-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-sqlite3-0:1.3.13-2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-unf_ext-0:0.0.7.5-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
rubygem-websocket-driver-0:0.6.5-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
smem-0:1.4-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
supervisor-0:3.1.4-1.el7 | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
wmi-0:1.3.14-7.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
wxGTK3-0:3.0.3-5.el7at | cpe:/a:redhat:cloudforms_managementengine:5.10::el7 | RHSA-2019:0212 | 2019-02-07T00:00:00Z |
CloudForms Management Engine 5.9 | |||
cfme-0:5.9.8.1-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.9::el7 | RHSA-2019:0315 | 2019-02-12T00:00:00Z |
cfme-amazon-smartstate-0:5.9.8.1-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.9::el7 | RHSA-2019:0315 | 2019-02-12T00:00:00Z |
cfme-appliance-0:5.9.8.1-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.9::el7 | RHSA-2019:0315 | 2019-02-12T00:00:00Z |
cfme-gemset-0:5.9.8.1-1.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.9::el7 | RHSA-2019:0315 | 2019-02-12T00:00:00Z |
dbus-api-service-0:1.0.1-3.2.el7cf | cpe:/a:redhat:cloudforms_managementengine:5.9::el7 | RHSA-2019:0315 | 2019-02-12T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-31T19:00:00
Updated: 2024-08-05T08:17:08.627Z
Reserved: 2018-05-31T00:00:00
Link: CVE-2018-11627
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-05-31T19:29:00.203
Modified: 2024-11-21T03:43:43.580
Link: CVE-2018-11627
Redhat