CVE-2017-7233

A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.
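
As an added illustration of the mitigation side (example code written for this page, not Django's own is_safe_url() implementation), the validator below accepts only relative paths and http(s) URLs whose host is on an explicit allow-list. It extracts the scheme with a strict RFC 3986 match instead of trusting the standard library's heuristic for a digits-only remainder, so a "scheme:digits" value is judged by its scheme rather than treated as a harmless path; the hostnames and inputs used are constructed.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# RFC 3986 scheme syntax: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) then ":"
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def _split_scheme(url):
    """Return (scheme, remainder) from a strict match, independent of how
    urlsplit() classifies a remainder made only of digits (e.g. "x:123")."""
    m = _SCHEME_RE.match(url)
    if not m:
        return "", url
    return m.group(1).lower(), url[m.end():]


def is_safe_redirect(url, allowed_hosts, require_https=False):
    """True only for a same-site target: a plain relative path, or an
    http(s) URL whose netloc is in allowed_hosts (constructed allow-list)."""
    if not url:
        return False
    # Some browsers skip leading control characters, which can turn an
    # apparently relative value into a scheme-relative or absolute URL.
    if unicodedata.category(url[0])[0] == "C":
        return False
    # Browsers treat "\" like "/", so the normalised form must pass as well.
    if "\\" in url and not is_safe_redirect(
            url.replace("\\", "/"), allowed_hosts, require_https):
        return False
    # Three or more leading slashes are parsed as absolute by browsers.
    if url.startswith("///"):
        return False
    scheme, _rest = _split_scheme(url)
    valid_schemes = ["https"] if require_https else ["http", "https"]
    if scheme and scheme not in valid_schemes:
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    host = parts.netloc
    # A scheme with no host ("http:123") is ambiguous across parsers: reject.
    if scheme and not host:
        return False
    # Scheme-relative targets ("//host/...") still leave the site.
    if host:
        return host.lower() in allowed_hosts
    return True
```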

Find out more about CVE-2017-7233 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue affects the versions of python-django as shipped with Red Hat Satellite 6. Please note that python-django, as used by Pulp, does not use "is_safe_url" directly, nor the "i18n" views or the "django.contrib.auth" Login view. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

CVSS v3 metrics

CVSS3 Base Score: 6.1
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat OpenStack Platform 9.0 (python-django) | RHSA-2017:1462 | 2017-06-14
Red Hat Satellite 6.4 for RHEL 7 (python-django) | RHSA-2018:2927 | 2018-10-16
Red Hat OpenStack Platform 11.0 (Ocata) (python-django) | RHSA-2017:3093 | 2017-10-31
Red Hat OpenStack Platform 8.0 (Liberty) (python-django) | RHSA-2017:1470 | 2017-06-14
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 (python-django) | RHSA-2017:1445 | 2017-06-14
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 (python-django) | RHSA-2017:1451 | 2017-06-14
Red Hat OpenStack Platform 10 (python-django) | RHSA-2017:1596 | 2017-06-28

Affected Packages State

Platform | Package | State
Red Hat Subscription Asset Manager 1 | Django | Will not fix
Red Hat Storage Console 2 | Django | Will not fix
Red Hat Storage Console 2 | python-django | Will not fix
Red Hat Satellite 6 | python-django | Will not fix
Red Hat OpenStack Platform Operational Tools 9 | python-django | Will not fix
Red Hat OpenStack Platform 12.0 | python-django | Not affected
Red Hat OpenStack Platform 10.0 Operational Tools for RHEL 7 | python-django | Not affected
Red Hat Enterprise Linux OpenStack Platform 8.0 Operational Tools for RHEL 7 | python-django | Will not fix
Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7 | python-django | Will not fix
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | python-django | Will not fix
Red Hat Ceph Storage 2 | Django | Will not fix
Red Hat Ceph Storage 1.3 | Django | Will not fix

Acknowledgements

Red Hat would like to thank the Django project for reporting this issue.