[midPoint] Security Advisory: Stored XSS vulnerability via 'name' property

Radovan Semancik radovan.semancik at evolveum.com
Fri Aug 30 16:10:17 CEST 2019


Date: 30 August 2019
Severity: Medium (CVSS 4.3)
Affected versions: all released midPoint versions
Fixed in versions: 4.0 (unreleased), 3.9.1 (unreleased), 3.8.1 
(unreleased), 3.7.3 (unreleased)

Description

A stored cross-site scripting (XSS) vulnerability exists in the midPoint
user interface. It can be exploited by manipulating the 'name' property
of an object.

Severity and Impact

The attacker needs authorization to change object names in midPoint. Such
authorization is usually granted only to administrators and other
privileged users. Only the "Repository objects" page is affected.

Mitigation

Users of affected midPoint versions are advised to upgrade their
deployments to the latest builds from the support branches.

As this is a medium severity issue, it does not force official
maintenance releases of midPoint. However, the fix is provided in all
the support branches.

Discussion and Explanation

The code of the "Repository objects" page used the wrong method to insert
the object name into the HTML code of the page. Therefore this page was
vulnerable to the XSS attack.

Credit

This issue was reported by Nicolas Destor by means of the EU-Free and
Open Source Software Auditing (EU-FOSSA2) project.

See Also

https://wiki.evolveum.com/display/midPoint/Security+Advisory%3A+Stored+XSS+vulnerability+via+%27name%27+property

-- 
Radovan Semancik
Software Architect
evolveum.com
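
The flaw class described under "Discussion and Explanation", as an added example that is not midPoint code and not part of the advisory: a stored object name concatenated into table-cell markup beside the escaped form, plus a check that flags stored names containing markup characters. The class, the method names and the sample names are constructed for illustration; the advisory does not say which method midPoint used.

```java
import java.util.List;

// Added illustration, not midPoint code; all names here are hypothetical.
public class NameCellDemo {

    // Escape text for HTML element content and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Flawed pattern: the stored name is pasted into the markup as-is.
    static String cellUnescaped(String name) {
        return "<td class=\"name\">" + name + "</td>";
    }

    // Corrected pattern: the stored name is rendered as text.
    static String cellEscaped(String name) {
        return "<td class=\"name\">" + escapeHtml(name) + "</td>";
    }

    // Audit helper: true when a stored name would change under escaping,
    // i.e. it contains characters a browser could read as markup.
    static boolean needsReview(String name) {
        return !escapeHtml(name).equals(name);
    }

    public static void main(String[] args) {
        // Constructed sample names standing in for stored 'name' values.
        List<String> names = List.of(
            "jack", "R&D <Bratislava>", "<script>alert(1)</script>");
        for (String n : names) {
            System.out.println("unescaped: " + cellUnescaped(n));
            System.out.println("escaped:   " + cellEscaped(n));
            System.out.println("review:    " + needsReview(n));
        }
    }
}
```

Because the vulnerability is stored, names written before the upgrade remain in the repository; a check like `needsReview` over existing names shows which ones an administrator may want to inspect.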
