CVE-2019-8331: Bootstrap XSS


Severity

Medium

Vendor

Pivotal Cloud Foundry

Description

Pivotal Ops Manager versions 2.2.x prior to 2.2.19, 2.3.x prior to 2.3.11, and 2.4.x prior to 2.4.5 depend on Bootstrap version 3.4.0, which contains a cross-site scripting (XSS) vulnerability. A remote user who is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in that user's browser.

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • Ops Manager
    • 2.4 versions prior to 2.4.5
    • 2.3 versions prior to 2.3.11
    • 2.2 versions prior to 2.2.19

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Ops Manager: 2.4.5, 2.3.11, 2.2.19

History

2019-03-07: Initial vulnerability report published