Privilege escalation via stored XSS using the file upload service to upload malicious content.
The issue can be exploited only by authenticated users who can create a directory whose name injects XSS content, allowing them to gain privileges such as those of an admin user.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/04/18/2 | |
https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt | Mailing List Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2023-03-29T12:21:46.932Z
Updated: 2023-03-29T12:21:46.932Z
Reserved: 2023-03-13T02:37:38.879Z
Link: CVE-2023-28158
NVD Information
Status : Modified
Published: 2023-03-29T13:15:08.313
Modified: 2023-04-18T03:15:07.763
Link: CVE-2023-28158
Redhat Information
No data.
CWE