Candidate: CVE-2019-10179
PublicDate: 2020-03-20 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10179
 https://bugzilla.redhat.com/show_bug.cgi?id=1695901
Description:
 A vulnerability was found in all pki-core 10.x.x versions, where the Key
 Recovery Authority (KRA) Agent Service did not properly sanitize recovery
 request search page, enabling a Reflected Cross Site Scripting (XSS)
 vulnerability. An attacker could trick an authenticated victim into
 executing specially crafted Javascript code.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_dogtag-pki:
 upstream: https://github.com/dogtagpki/pki/commit/8884b4344225bd6656876d9e2a58b3268e9a899b
 upstream: https://github.com/dogtagpki/pki/pull/488/commits/90780440a2617fa87362e56319edff48505ba40d
upstream_dogtag-pki: released (10.9.0-b3)
precise/esm_dogtag-pki: DNE
trusty_dogtag-pki: ignored (out of standard support)
trusty/esm_dogtag-pki: DNE
xenial_dogtag-pki: ignored (end of standard support, was needs-triage)
bionic_dogtag-pki: needed
eoan_dogtag-pki: ignored (reached end-of-life)
focal_dogtag-pki: needed
groovy_dogtag-pki: not-affected
hirsute_dogtag-pki: not-affected
impish_dogtag-pki: not-affected
jammy_dogtag-pki: not-affected
devel_dogtag-pki: not-affected