Lucene search

Gentoo FoundationMGASA-2021-0206

HistoryMay 07, 2021 - 8:35 a.m.

Updated pagure packages fix a security vulnerability

2021-05-0708:35:41

Gentoo Foundation

advisories.mageia.org

pagure

security

vulnerability

xss

templates

blame view

unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

44.9%

JSON

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

OSVersionArchitecturePackageVersionFilename
Mageia7noarchpagure< 5.5-1.1pagure-5.5-1.1.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	pagure	< 5.5-1.1	pagure-5.5-1.1.mga7

References

bugs.mageia.org/show_bug.cgi?id=27487

bugzilla.suse.com/show_bug.cgi?id=1176987

pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

44.9%

JSON

Related for MGASA-2021-0206