Project

General

Profile

Actions

Bug #21443

closed

Bug #21442: Various XSS vulnerabilities in the interface

Vulnerability in elm virtual-dom

Added by Alexis Mousset over 2 years ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:

Description

See https://jfmengels.net/virtual-dom-security-patch/, there were fixes for several issues, including XSS that could affect us.


Subtasks 4 (0 open4 closed)

Bug #21450: Vulnerability in elm virtual-dom - 7.0ReleasedFrançois ARMANDActions
Bug #21453: Vulnerability in elm virtual-dom - 7.1ReleasedFrançois ARMANDActions
Bug #21455: Vulnerability in elm virtual-dom - 7.2ReleasedFrançois ARMANDActions
Rudder plugins - Bug #21456: Vulnerability in elm virtual-dom - 7.2 - pluginsRejectedActions
Actions #1

Updated by Alexis Mousset over 2 years ago

  • Description updated (diff)
Actions #2

Updated by Alexis Mousset over 2 years ago

  • Parent task set to #21442
Actions #3

Updated by Alexis Mousset over 2 years ago

  • Target version changed from old 6.1 issues to relocate to 6.2.16
Actions #4

Updated by Alexis Mousset over 2 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions #5

Updated by Alexis Mousset over 2 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/4382
Actions #6

Updated by Alexis Mousset over 2 years ago

  • Subtask #21447 added
Actions #7

Updated by Alexis Mousset over 2 years ago

  • Status changed from Pending technical review to Pending release
Actions #8

Updated by Alexis Mousset over 2 years ago

  • Subtask #21450 added
Actions #9

Updated by Alexis Mousset over 2 years ago

  • Subtask #21453 added
Actions #10

Updated by Alexis Mousset over 2 years ago

  • Subtask #21455 added
Actions #11

Updated by François ARMAND over 2 years ago

  • Fix check changed from To do to Checked
Actions #12

Updated by Alexis Mousset over 2 years ago

This bug has been fixed in Rudder 6.2.16, 7.0.5 and 7.1.3 which were released today.

Actions #13

Updated by Alexis Mousset over 2 years ago

  • Status changed from Pending release to Released
Actions #14

Updated by Alexis Mousset over 1 year ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF