CVE-2018-1000129 Information

Description

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim’s browser.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:3817 https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5fdiff-f19898247eddb55de6400489bff748ad https://jolokia.org/Security_fixes_with_1.5.0

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1