Bug 1166190 (CVE-2018-17572)

Summary:	VUL-0: CVE-2018-17572: influxdb: Reflected cross-site-scripting in the Write Data module
Product:	[openSUSE] openSUSE Distribution	Reporter:	Robert Frohl <rfrohl>
Component:	Security	Assignee:	Cloud Bugs <cloud-bugs>
Status:	RESOLVED INVALID	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P5 - None
Version:	Leap 15.2
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/254067/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Robert Frohl 2020-03-10 08:19:39 UTC

rh#1811836

InfluxDB 0.9.5 has Reflected XSS in the Write Data module.

References:

https://github.com/influxdata/influxdb/releases/tag/v0.9.6 
https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1811836
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17572
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17572.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17572
https://github.com/influxdata/influxdb/releases/tag/v0.9.6
https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48

Comment 1 Robert Frohl 2020-03-10 08:21:38 UTC

already fixed in all version shipped in openSUSE.