Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 887487 (CVE-2019-20378, CVE-2019-20379)

Summary: sys-cluster/ganglia-web: multiple vulnerabilities
Product: Gentoo Security Reporter: Michał Górny <mgorny>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: cluster, dan, proxy-maint
Priority: Normal Keywords: PMASKED
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/ganglia/ganglia-web/issues/351
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2022-12-20 18:44:22 UTC 
https://nvd.nist.gov/vuln/detail/CVE-2019-20378

"ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter."

https://nvd.nist.gov/vuln/detail/CVE-2019-20379

"ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter."
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-20 22:07:11 UTC 
Thanks!
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-01-19 14:00:42 UTC 
Package removed.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-19 15:40:55 UTC 
Thanks, all done!