CVE-2016-6519

Published on: 04/21/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:11 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Certain versions of Manila from OpenStack contain the following vulnerability:

Cross-site scripting (XSS) vulnerability in the "Shares" overview in OpenStack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.

  • CVE-2016-6519 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.4 - MEDIUM

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS2 Score: 3.5 - LOW

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

CVE References

  • oss-security - CVE-2016-6519: openstack-manila: Persistent XSS in Metadata field
    Tags: Mailing List, Third Party Advisory
    Source: www.openwall.com (text/html)
    Link: MLIST [oss-security] 20160915 CVE-2016-6519: openstack-manila: Persistent XSS in Metadata field

  • 1375147 – (CVE-2016-6519) CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field
    Tags: Issue Tracking, Third Party Advisory, VDB Entry
    Source: bugzilla.redhat.com (text/html)
    Link: CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1375147

  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Source: web.archive.org (text/html)
    Status: Inactive link, not archived
    Link: REDHAT RHSA-2016:2115

  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Source: web.archive.org (text/html)
    Status: Inactive link, not archived
    Link: REDHAT RHSA-2016:2117

  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Source: web.archive.org (text/html)
    Status: Inactive link, not archived
    Link: REDHAT RHSA-2016:2116

  • OpenStack manila CVE-2016-6519 HTML Injection Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Source: cve.report (archive) (text/html)
    Link: BID 93001

  • Bug #1597738 “Persistent XSS in Metadata field” : Bugs : manila-ui
    Tags: Issue Tracking, Third Party Advisory, VDB Entry
    Source: bugs.launchpad.net (text/html)
    Link: CONFIRM bugs.launchpad.net/manila-ui/+bug/1597738

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Application Openstack Manila All All All All
Application Redhat Openstack 7.0 All All All
Application Redhat Openstack 8.0 All All All
Application Redhat Openstack 9.0 All All All

  • cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:*