CVE-2022-4975 Information

Description

A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example on any of the /main/configmanagement/ endpoints, the front-end generates a DOM table element (id="pdf-table"). This element is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.
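The flaw class named in the description, shown as an added example in plain JavaScript (this is not RHACS code; the function names, the sample rows and the marker cell are constructed for illustration): a renderer that interpolates cell data straight into markup destined for innerHTML, beside a hardened renderer that escapes every header and cell value before it is concatenated. The escaping function is the standard five-character HTML escape; it is the string-level mitigation, and where DOM access is available, building cells with document.createElement and textContent avoids innerHTML entirely.

```javascript
// Added example, not code from the RHACS project: unsafe table rendering
// (the pattern the advisory describes) next to a hardened version.

// Escape the five characters that can change HTML structure or break out
// of an attribute value. Applied to every untrusted string before it is
// placed in markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Unsafe: mirrors the flaw class in the advisory. Cell text is interpolated
// raw, so any markup present in the data is handed to the parser as markup
// when the result is assigned to innerHTML.
function renderTableUnsafe(headers, rows) {
  const head = headers.map((h) => `<th>${h}</th>`).join('');
  const body = rows
    .map((r) => `<tr>${r.map((c) => `<td>${c}</td>`).join('')}</tr>`)
    .join('');
  return `<table id="pdf-table"><thead><tr>${head}</tr></thead><tbody>${body}</tbody></table>`;
}

// Hardened: same output shape, but every header and cell goes through
// escapeHtml first, so data is always rendered as text, never as markup.
function renderTableSafe(headers, rows) {
  const head = headers.map((h) => `<th>${escapeHtml(h)}</th>`).join('');
  const body = rows
    .map((r) => `<tr>${r.map((c) => `<td>${escapeHtml(c)}</td>`).join('')}</tr>`)
    .join('');
  return `<table id="pdf-table"><thead><tr>${head}</tr></thead><tbody>${body}</tbody></table>`;
}

// Constructed sample data (hypothetical config-map listing). One cell carries
// harmless markup so the difference between the two renderers is visible.
const SAMPLE_HEADERS = ['Name', 'Namespace'];
const SAMPLE_ROWS = [
  ['app-config', 'default'],
  ['<b>bold</b>', 'kube-system'],
];

// Defender-side check: true when the rendered markup still contains the raw
// tag from the data, i.e. the data reached the parser as markup.
function leaksRawMarkup(html) {
  return html.includes('<b>bold</b>');
}

console.log('unsafe leaks markup:', leaksRawMarkup(renderTableUnsafe(SAMPLE_HEADERS, SAMPLE_ROWS)));
console.log('safe leaks markup:  ', leaksRawMarkup(renderTableSafe(SAMPLE_HEADERS, SAMPLE_ROWS)));
```

The check in leaksRawMarkup is the kind of assertion a front-end unit test for a table component should carry: feed a row containing markup-like text and require that the rendered HTML contains only the escaped form.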

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Reference

https://access.redhat.com/security/cve/CVE-2022-4975
https://bugzilla.redhat.com/show_bug.cgi?id=2071527

CVSS v3.1 metrics (as encoded in the vector above)

Attack Vector: NETWORK

Attack Complexity: LOW

Privileges Required: LOW

User Interaction Required: REQUIRED

Scope: CHANGED

Confidentiality Impact: HIGH

Integrity Impact: HIGH

Availability Impact: LOW

Base Score: 8.9

Base Severity: HIGH
