Search
Find a vulnerability
Search criteria
2 vulnerabilities found for norman by SUSE
CVE-2023-32193 (GCVE-0-2023-32193)
Vulnerability from nvd – Published: 2024-10-16 12:27 – Updated: 2024-10-16 16:23
VLAI
Title
Norman API Cross-site Scripting Vulnerability
Summary
A vulnerability has been identified in which unauthenticated cross-site
scripting (XSS) in Norman's public API endpoint can be exploited. This
can lead to an attacker exploiting the vulnerability to trigger
JavaScript code and execute commands remotely.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page
Assigner
References
Impacted products
Date Public
2024-02-08 17:46
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rancher:norman:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "norman",
"vendor": "rancher",
"versions": [
{
"lessThan": "0.0.0-20240207153100-3bb70b772b52",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T15:55:36.386774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T16:23:57.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/norman",
"product": "norman",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.0-20240207153100-3bb70b772b52",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "https://github.com/diego95root"
},
{
"lang": "en",
"type": "finder",
"value": "https://github.com/kujalamathias"
}
],
"datePublic": "2024-02-08T17:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified in which unauthenticated cross-site \nscripting (XSS) in Norman\u0027s public API endpoint can be exploited. This \ncan lead to an attacker exploiting the vulnerability to trigger \nJavaScript code and execute commands remotely.\u003cbr\u003e"
}
],
"value": "A vulnerability has been identified in which unauthenticated cross-site \nscripting (XSS) in Norman\u0027s public API endpoint can be exploited. This \ncan lead to an attacker exploiting the vulnerability to trigger \nJavaScript code and execute commands remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T12:27:13.591Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193"
},
{
"url": "https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Norman API Cross-site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2023-32193",
"datePublished": "2024-10-16T12:27:13.591Z",
"dateReserved": "2023-05-04T08:30:59.322Z",
"dateUpdated": "2024-10-16T16:23:57.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32193 (GCVE-0-2023-32193)
Vulnerability from cvelistv5 – Published: 2024-10-16 12:27 – Updated: 2024-10-16 16:23
VLAI
Title
Norman API Cross-site Scripting Vulnerability
Summary
A vulnerability has been identified in which unauthenticated cross-site
scripting (XSS) in Norman's public API endpoint can be exploited. This
can lead to an attacker exploiting the vulnerability to trigger
JavaScript code and execute commands remotely.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page
Assigner
References
Impacted products
Date Public
2024-02-08 17:46
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rancher:norman:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "norman",
"vendor": "rancher",
"versions": [
{
"lessThan": "0.0.0-20240207153100-3bb70b772b52",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T15:55:36.386774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T16:23:57.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/norman",
"product": "norman",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.0-20240207153100-3bb70b772b52",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "https://github.com/diego95root"
},
{
"lang": "en",
"type": "finder",
"value": "https://github.com/kujalamathias"
}
],
"datePublic": "2024-02-08T17:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified in which unauthenticated cross-site \nscripting (XSS) in Norman\u0027s public API endpoint can be exploited. This \ncan lead to an attacker exploiting the vulnerability to trigger \nJavaScript code and execute commands remotely.\u003cbr\u003e"
}
],
"value": "A vulnerability has been identified in which unauthenticated cross-site \nscripting (XSS) in Norman\u0027s public API endpoint can be exploited. This \ncan lead to an attacker exploiting the vulnerability to trigger \nJavaScript code and execute commands remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T12:27:13.591Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193"
},
{
"url": "https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Norman API Cross-site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2023-32193",
"datePublished": "2024-10-16T12:27:13.591Z",
"dateReserved": "2023-05-04T08:30:59.322Z",
"dateUpdated": "2024-10-16T16:23:57.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}