CVE-2024-38503

Sažetak

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue.

Reference

https://syncope.apache.org/security#cve-2024-38503-html-tags-can-be-injected-into-console-or-enduser
https://www.openwall.com/lists/oss-security/2024/07/22/3
http://www.openwall.com/lists/oss-security/2024/07/22/3
https://syncope.apache.org/security#cve-2024-38503-html-tags-can-be-injected-into-console-or-enduser

CVSS

Base:	5.4
Impact:	2.7
Exploitability:	2.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

06-12-2024 - 22:15

Objavljeno

22-07-2024 - 10:15