Lucene search

Redhat.comRH:CVE-2023-46998

HistoryNov 09, 2023 - 11:14 p.m.

CVE-2023-46998

2023-11-0923:14:44

redhat.com

access.redhat.com

vulnerability

remote attack

arbitrary code

confidentiality compromise

integrity compromise

sanitize input

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

A flaw was discovered in bootbox.js. This issue may allow a remote attacker to execute arbitrary code using a specially crafted payload, compromising the confidentiality and integrity of sensitive data.

Mitigation

Sanitize input before adding it to a DOM element using jquery.

References

bugzilla.redhat.com/show_bug.cgi?id=2248972

nvd.nist.gov/vuln/detail/CVE-2023-46998

www.cve.org/CVERecord?id=CVE-2023-46998

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

Related for RH:CVE-2023-46998