Date: Tue, 18 Aug 2015 01:57:36 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, dom@...th.li, shawn@...tpractical.com
Subject: Re: CVE Request: Request Tracker: cross-site scripting in cryptography interface

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Could you please assign a CVE for the second cross-site scripting
> issue mentioned in
> http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html
> 
> > RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS)
> > attack via the cryptography interface.  This vulnerability could
> > allow an attacker with a carefully-crafted key to inject JavaScript
> > into RT's user interface. Installations which use neither GnuPG nor
> > S/MIME are unaffected.
> 
> Fixed by:
> https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d1c7767d8484c4
> 
> According to Shawn M. Moore (Cc'ed), no CVE was requested for this
> second issue.

>> Escape message crypt status as we insert it into the DOM

>> The ->{'Value'} part of each message is inserted into the DOM with no
>> escaping (to accommodate MakeClicky and callbacks using HTML). Values RT
>> receives from other systems must be escaped or they leave us vulnerable to
>> an XSS injection attack.

Use CVE-2015-6506.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJV0siQAAoJEKllVAevmvmsVZsIAIs5LowTk+7CE+Yenbu8LpB7
+t4iA5AEbUNm5IvTO4DUDzbfMoYCRC1q8NFESf1yNNpGp5xZfxMPO5SMOP6IYOEW
LIl5jQYTvInesIL+vLlceUY2Y85aiGEOWSite8iKTkHLL/PnYBPsSva+uhVkbd51
JKqA1VFmlA4Y7gML+bhn8sJwB5q6XhI55IjvW6oxzypGtQf96odMgvmluqg7oF8R
f/y5KsWl4GZbHgyOhQt6FMy/SFYMPaZfDeDd5XVaWgBRO2NyOVfCKrnYmxrCO0Z+
Sfdncx7S4bvaUvKLcLRgO813qrBNaKW87qwwMQ5eZ8WqtTz+dCE8U7M6Q6PYNg4=
=3olU
-----END PGP SIGNATURE-----
