{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1932","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2023-04-06T20:10:01.569Z","datePublished":"2024-11-07T10:00:51.745Z","dateUpdated":"2024-11-07T14:09:26.936Z"},"containers":{"cna":{"title":"Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class. The validation can be bypassed by supplying a tag that is not closed with '>' but instead ends in a less-than ('<') character: such input passes the SafeHtml check even though it is not valid HTML. 
Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks."}],"affected":[{"vendor":"Red Hat","product":"A-MQ Clients 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"org.apache.logging.log4j-log4j","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:a_mq_clients:2"]},{"vendor":"Red Hat","product":"Cryostat 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:cryostat:2"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat A-MQ Online","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"io.enmasse-enmasse","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:amq_online:1"]},{"vendor":"Red Hat","product":"Red Hat BPM Suite 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:6"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Studio 12","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_developer_studio:12."]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Decision Manager 
7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_brms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss BRMS 5","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_brms_platform:5"]},{"vendor":"Red Hat","product":"Red Hat JBoss Data Grid 7","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_data_grid:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Data Virtualization 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_data_virtualization:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 5","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:5"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 
7","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Continuous Delivery","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_cd"]},{"vendor":"Red Hat","product":"Red Hat JBoss Fuse 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_fuse:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Fuse Service Works 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_fuse_service_works:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Operations Network 3","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_operations_network:3"]},{"vendor":"Red Hat","product":"Red Hat JBoss SOA Platform 5","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_soa_platform:5"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 10 (Newton)","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"opendaylight","defaultStatus":"unknown","cpes":["cpe:/a:redhat:openstack:10"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 13 
(Queens)","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"opendaylight","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:13"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"candlepin","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"affected","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]},{"vendor":"Red Hat","product":"Red Hat support for Spring Boot","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"unknown","cpes":["cpe:/a:redhat:openshift_application_runtimes:1.0"]},{"vendor":"Red Hat","product":"streams for Apache Kafka","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hibernate-validator","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:amq_streams:1"]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2023-1932","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809444","name":"RHBZ#1809444","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2024-02-07T00:00:00.000Z","timeline":[{"lang":"en","time":"2020-02-27T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2024-02-07T00:00:00.000Z","value":"Made public."}],"credits":[{"lang":"en","value":"Red Hat would like to thank Christian Kistner (SySS GmbH) and Moritz Bechler (SySS 
GmbH) for reporting this issue."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2024-11-07T10:00:51.745Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-07T14:09:13.280925Z","id":"CVE-2023-1932","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-07T14:09:26.936Z"}}]}}