CVE-2015-7518
A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data.
Find out more about CVE-2015-7518 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 3.5 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Satellite 6.1 (foreman) | RHSA-2016:0174 | 2016-02-15 |
| Red Hat Satellite Capsule 6.1 (foreman) | RHSA-2016:0174 | 2016-02-15 |
| Red Hat Satellite Capsule 6.1 (foreman) | RHSA-2016:0174 | 2016-02-15 |
| Red Hat Satellite 6.1 - Optional (foreman) | RHSA-2016:0174 | 2016-02-15 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Satellite 6 | foreman | Will not fix |
| OpenStack 6 Installer for RHEL 7 | foreman | Will not fix |