Bug 1193851 – VUL-0: CVE-2021-4124: janus-gateway: XSS during web page generation

Bug 1193851 - (CVE-2021-4124) VUL-0: CVE-2021-4124: janus-gateway: XSS during web page generation

(CVE-2021-4124)
Summary:	VUL-0: CVE-2021-4124: janus-gateway: XSS during web page generation

Status:	RESOLVED DUPLICATE of bug 1193156

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security
Version:	Leap 15.3
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assigned To:	Michael Ströder
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/317815/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-12-17 08:00 UTC by Thomas Leroy
Modified:	2021-12-17 09:12 UTC (History)
CC List:	0 users

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Leroy 2021-12-17 08:00:52 UTC

CVE-2021-4124

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page
Generation ('Cross-site Scripting')

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4124
https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d
https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190

Comment 1 Thomas Leroy 2021-12-17 08:03:54 UTC

openSUSE:Factory should be affected

Comment 2 Michael Ströder 2021-12-17 09:12:39 UTC

Already fixed by upstream update (see #1193156).

*** This bug has been marked as a duplicate of bug 1193156 ***