Loading...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.12.z
Component/s: oauth-apiserver
Labels:
None

Regression:
None
Epic Link:
CVE-2023-29400
Story Points:
2
Sprint:
SDN Sprint 258
sprint_count:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

there is a match that should be addressed:

1:File: pkg/server/tokenrequest/tokenrequest.go
2:Match: token={{.AccessToken}}</span> <span class="nowrap">--server={{.PublicMasterURL}}

both AccessToken and PublicMasterURL should be wrapped in quotes.

is cloned by

OCPBUGS-38683 CVE-2023-29400: fix unquoted attributes in net/http templates

Closed

is related to

SDN-5147 Fix CVE-2023-29400 across OpenShift

Closed

Assignee:: Jamo Luhrsen

Reporter:: Jamo Luhrsen

QA Contact:: Xingxing Xia

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/08/19 8:23 PM

Updated:: 2024/08/20 8:49 PM

Resolved:: 2024/08/20 8:49 PM