oss-sec mailing list archives

Re: CVE request: stored XSS in PowerDNS < 3.4.7

From: Pieter Lexis <pieter.lexis () powerdns com>
Date: Fri, 6 Nov 2015 10:45:58 +0100

Hi,

On 11/06/2015 10:07 AM, Damien Cauquil wrote:

PowerDNS < 3.4.7 was prone to a stored XSS vulnerability, now fixed in
version 3.4.7.

This commit by the PowerDNS team fixes it:

https://github.com/PowerDNS/pdns/commit/416d252

Could a CVE be assigned to this issue ?


This stored XSS was in a component (the built-in webserver) that
1) is disabled by default
2) should only be opened up on a non-public network (or with
   authentications in front)
3) serves a simple read-only webpage

To 'exploit' this XSS, someone with knowledge of the target's
infrastructure must send the target a malicious link (with the exploit
code embedded in the link). As this is built-in webpage is (should) only
accessible to the operators of the DNS server, the attack-surface for
this attack is very low.

We consider this XSS a very low risk vulnerability because of this and
suggest a CVE be not assigned.

-- 
Pieter Lexis
PowerDNS.COM BV - https://www.powerdns.com

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE request: stored XSS in PowerDNS < 3.4.7 Damien Cauquil (Nov 06)
- Re: CVE request: stored XSS in PowerDNS < 3.4.7 Pieter Lexis (Nov 06)