CVE-2019-8331: Bootstrap XSS
Severity
Medium
Vendor
Pivotal Cloud Foundry
Description
Pivotal Ops Manager versions 2.2.x prior to 2.2.19, 2.3.x prior to 2.3.11, and 2.4.x prior to 2.4.5 contain a dependency on Bootstrap version 3.4.0, which contains a cross-site scripting vulnerability. A remote attacker who can convince an Ops Manager user to interact with malicious content could execute arbitrary JavaScript in that user's browser.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Ops Manager
  - 2.4 versions prior to 2.4.5
  - 2.3 versions prior to 2.3.11
  - 2.2 versions prior to 2.2.19
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
  - Ops Manager: 2.4.5, 2.3.11, 2.2.19
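As an added defender-side check (not code from this advisory or from Ops Manager itself), the following script assesses an Ops Manager version string against the affected ranges listed above and reports the fixed release for that support line; the inventory entries and their foundation names are constructed for the example.

```javascript
// Added example, not part of the advisory or of Ops Manager: check an
// Ops Manager version against the affected ranges published for CVE-2019-8331
// and report the fixed release from the same support line.
const FIXED_RELEASES = { "2.2": "2.2.19", "2.3": "2.3.11", "2.4": "2.4.5" };

function parseVersion(s) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(s).trim());
  if (!m) throw new Error(`unrecognised version string: ${s}`);
  return m.slice(1).map(Number); // [major, minor, patch]
}

// Numeric comparison of two [major, minor, patch] arrays; negative if a < b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Returns { status: "affected" | "fixed" | "not-listed", fixedRelease }.
// Lines the advisory does not mention (e.g. 2.5.x) are reported as
// "not-listed" rather than assumed safe.
function assessOpsManager(version) {
  const v = parseVersion(version);
  const line = `${v[0]}.${v[1]}`;
  const fixedRelease = FIXED_RELEASES[line];
  if (!fixedRelease) return { status: "not-listed", fixedRelease: null };
  const affected = compareVersions(v, parseVersion(fixedRelease)) < 0;
  return { status: affected ? "affected" : "fixed", fixedRelease };
}

// Constructed inventory (hypothetical foundation names and versions) of the
// kind a defender might export from an asset tracker; returns only the
// entries that still need the upgrade, with the release to move to.
function findUpgradesNeeded(inventory) {
  return inventory
    .map(({ name, version }) => ({ name, version, ...assessOpsManager(version) }))
    .filter((e) => e.status === "affected");
}

const SAMPLE_INVENTORY = [
  { name: "prod-foundation", version: "2.4.4" },
  { name: "staging-foundation", version: "2.4.5" },
  { name: "legacy-foundation", version: "2.2.18" },
  { name: "lab-foundation", version: "2.5.0" },
];

console.log(findUpgradesNeeded(SAMPLE_INVENTORY));
```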
References
- https://github.com/twbs/bootstrap/issues/20184
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8331
History
2019-03-07: Initial vulnerability report published