Page tree
Skip to end of metadata
Go to start of metadata

Date: 30 August 2019

Severity: Medium (CVSS 4.3)

Affected versions: all released midPoint versions

Fixed in versions: 4.0 (unreleased), 3.9.1 (unreleased), 3.8.1 (unreleased), 3.7.3 (unreleased)

Description

Stored cross-site scripting (XSS) vulnerability exists in midPoint user interface that can be exploited by manipulation of object 'name' property.

Severity and Impact

Attacker needs authorization to change object names in midPoint. Such authorization is usually granted only to administrators and other privileged users. Only "Repository objects" page is affected.

Mitigation

Users of affected MidPoint versions are advised to upgrade their deployments to the latest builds from the support branches.

As this is a medium severity issue, it is not forcing official maintenance releases of midPoint. However, the fix is provided in all the support branches.

Discussion and Explanation

The code of "Repository objects" page used wrong method to use object name to construct HTML code of a page. Therefore this page was vulnerable to the XSS attack.

Credit

This issue was reported by Nicolas Destor by the means of EU-Free and Open Source Software Auditing (EU-FOSSA2) project.

See Also

  • No labels