CVE-2022-3205 - Vulnerability Details - OpenCVE

Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0051.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Ansible Automation Platform

Configuration 1 [-]

OR	cpe:2.3:a:redhat:ansible_automation_platform:1.2:::::::*
	cpe:2.3:a:redhat:ansible_automation_platform:2.0:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-42622	Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2022-3205
https://bugzilla.redhat.com/show_bug.cgi?id=2120597
https://nvd.nist.gov/vuln/detail/CVE-2022-3205
https://www.cve.org/CVERecord?id=CVE-2022-3205

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-09-13T19:19:46

Updated: 2024-08-03T01:00:10.844Z

Reserved: 2022-09-13T00:00:00

Link: CVE-2022-3205

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-13T20:15:09.937

Modified: 2024-11-21T07:19:02.800

Link: CVE-2022-3205

Redhat

Severity : Moderate

Publid Date: 2022-08-23T11:20:00Z

Links: CVE-2022-3205 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"title": "Controller: cross site scripting in automation controller ui", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection"}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 1.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ansible-tower", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ansible_automation_platform"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "automation-controller", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ansible_automation_platform:2"]}], "references": [{"tags": ["vdb-entry", "x_redhatRef"], "url": "https://access.redhat.com/security/cve/CVE-2022-3205"}, {"name": "RHBZ#2120597", "tags": ["issue-tracking", "x_redhatRef"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120597"}], "datePublic": "2022-08-23T11:20:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "timeline": [{"lang": "en", "time": "2022-08-23T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-08-23T11:20:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Oleg Sushchenko (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-28T17:53:01.922Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.844Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_redhatRef", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2022-3205"}, {"name": "RHBZ#2120597", "tags": ["issue-tracking", "x_redhatRef", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120597"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3205", "datePublished": "2022-09-13T19:19:46", "dateReserved": "2022-09-13T00:00:00", "dateUpdated": "2024-08-03T01:00:10.844Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CBA4F8F3-6FC3-4ADD-BB96-A707E94AB0AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection"}, {"lang": "es", "value": "Se presenta un ataque de tipo un XSS en la Interfaz de Usuario del controlador de automatizaci\u00f3n en el que el nombre del proyecto es susceptible de inyecci\u00f3n de tipo XSS"}], "id": "CVE-2022-3205", "lastModified": "2024-11-21T07:19:02.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-13T20:15:09.937", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2022-3205"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2022-3205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120597"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}