CVE-2023-29456: [ZBX-22987] Inefficient URL schema validation (CVE-2023-29456)

CVE
#xss

Mitre ID

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29456

CVSS score

5.7

Severity

Medium

Summary

Inefficient URL schema validation

Description

The URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.

Known attack vectors

This inefficient URL schema validation leads to XSS in maps, triggers, and other places where links can be added.
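
As an added illustration (not Zabbix's code or its fix), the check below parses a user-supplied link with the WHATWG rules a browser applies to `href` and then allowlists the resolved scheme, so case, whitespace and control-character variants of a scheme are judged by what they normalize to. The allowed schemes, the placeholder base origin and the function name are assumptions.

```javascript
// Added example: allowlist the scheme a browser would actually resolve.
// ALLOWED_SCHEMES and BASE are assumptions for illustration, not Zabbix settings.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://monitoring.example/"; // placeholder origin for relative links

function checkLinkUrl(input) {
  if (typeof input !== "string" || input.length === 0) {
    return { ok: false, reason: "empty" };
  }
  let parsed;
  try {
    // WHATWG parsing strips leading/trailing C0 control characters and spaces,
    // removes embedded tab/newline, and lowercases the scheme before it is read.
    parsed = new URL(input, BASE);
  } catch (e) {
    return { ok: false, reason: "unparseable" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: "scheme " + parsed.protocol + " not allowed" };
  }
  // Return the normalized form so the value rendered is the value validated.
  return { ok: true, href: parsed.href };
}

// Constructed sample inputs for link fields (maps, triggers, and similar).
const SAMPLES = [
  "https://example.com/dash?id=1",
  "zabbix.php?action=dashboard.view", // relative link, resolved against BASE
  "mailto:noc@example.com",
  "JaVaScRiPt:void(0)",               // mixed case
  " \tjavascript:void(0)",            // leading whitespace
  "java\nscript:void(0)",             // embedded newline
  "data:text/html,hi",
  "http://",                          // no host
];

function runSamples() {
  return SAMPLES.map((s) => ({ input: s, result: checkLinkUrl(s) }));
}

for (const { input, result } of runSamples()) {
  console.log(JSON.stringify(input), "->", JSON.stringify(result));
}
```

Whatever is stored or rendered should be the returned `href`, and it still needs HTML attribute encoding at output time.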

Patch provided

No

Component/s

Frontend

Affected version/s and fix version/s

· Affected: 4.0.46, 5.0.35, 6.0.18, 6.4.3, 7.0.0alpha1
· Fix: 4.0.46rc1, 5.0.35rc1, 6.0.18rc1, 6.4.3rc1, 7.0.0alpha1

Fix compatibility tests

-

Resolution

Fixed

Workarounds

None

Acknowledgements

-
