Uploaded image for project: 'TEST Defect Tracking Project'
  1. TEST Defect Tracking Project
  2. TEST-1296

Group 1

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • None
    • False
    • None
    • False

      A group of Findings has been pushed to JIRA to be investigated and fixed:

      Group

      Group: Group 1 in test/product / AdHoc Import - Fri, 12 Apr 2024 13:26:02 / cspodman Scan (SARIF)

      Severity CVE CWE Component Version Title Status
      High None 918 None None Unsanitized Input From an HTTP Header Flows Into _, Where It Is Used as an URL to Perform a Request. This May Result in a Server-Side Request [...] Active, Verified
      High None 918 None None Unsanitized Input From an HTTP Header Flows Into _, Where It Is Used as an URL to Perform a Request. This May Result in a Server-Side Request [...] Active, Verified

      Severity: High

      Findings

      Unsanitized Input From an HTTP Header Flows Into _, Where It Is Used as an URL to Perform a Request. This May Result in a Server-Side Request [...]

      Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2970552 (2970552)
      Severity: High

      CWE: CWE-918
      CVE: Unknown

      Source File: unpacked_remote_sources/istio-operator/app/vendor/github.com/docker/distribution/registry/api/v2/urls.go

      Source Line: 95

      Description:
      *Result message:* Unsanitized input from an HTTP header flows into _, where it is used as an URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.
      *Code flow:*
      1. unpacked_remote_sources/istio-operator/app/vendor/github.com/docker/distribution/registry/api/v2/urls.go:L95:C3
      Unsanitized input from an HTTP header flows into _, where it is used as an URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.

      References:
      https://cwe.mitre.org/data/definitions/918.html

      Reporter: (ccota) ()

      Findings

      Unsanitized Input From an HTTP Header Flows Into _, Where It Is Used as an URL to Perform a Request. This May Result in a Server-Side Request [...]

      Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2970553 (2970553)
      Severity: High

      CWE: CWE-918
      CVE: Unknown

      Source File: unpacked_remote_sources/istio-operator/app/vendor/github.com/docker/distribution/registry/client/auth/session.go

      Source Line: 84

      Description:
      *Result message:* Unsanitized input from an HTTP header flows into _, where it is used as an URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.
      *Code flow:*
      1. unpacked_remote_sources/istio-operator/app/vendor/github.com/docker/distribution/registry/client/auth/session.go:L84:C3
      Unsanitized input from an HTTP header flows into _, where it is used as an URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.

      References:
      https://cwe.mitre.org/data/definitions/918.html

      Reporter: (ccota) ()

              Unassigned Unassigned
              defectdojo-prodsec Defect Dojo (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: