vulnerability
CentOS Linux: CVE-2023-28362: Moderate: Satellite 6.14.1 Async Security Update (CESA-2023:7851)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:P/A:N) | Dec 19, 2023 | Dec 19, 2023 | Feb 18, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:P/A:N)
Published
Dec 19, 2023
Added
Dec 19, 2023
Modified
Feb 18, 2025
Description
A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned location header.
Solution(s)
centos-upgrade-foreman-clicentos-upgrade-satellite-cli
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.