{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-01-08T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-22T17:07:44.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/twbs/bootstrap/issues/27045"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/twbs/bootstrap/pull/27047"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628"}, {"name": "RHSA-2019:1456", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1456"}, {"name": "RHBA-2019:1076", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHBA-2019:1076"}, {"name": "RHBA-2019:1570", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHBA-2019:1570"}, {"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"}, {"name": "RHSA-2019:3023", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3023"}, {"name": "RHSA-2020:0132", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0132"}, {"name": "RHSA-2020:0133", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0133"}, {"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2021-14"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20677", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"}, {"name": "https://github.com/twbs/bootstrap/issues/27045", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/27045"}, {"name": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", "refsource": "MISC", "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"}, {"name": "https://github.com/twbs/bootstrap/pull/27047", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/pull/27047"}, {"name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628"}, {"name": "RHSA-2019:1456", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456"}, {"name": "RHBA-2019:1076", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1076"}, {"name": "RHBA-2019:1570", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570"}, {"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"}, {"name": "RHSA-2019:3023", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023"}, {"name": "RHSA-2020:0132", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0132"}, {"name": "RHSA-2020:0133", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0133"}, {"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"}, {"name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-14"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:05:17.696Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/twbs/bootstrap/issues/27045"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/twbs/bootstrap/pull/27047"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628"}, {"name": "RHSA-2019:1456", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1456"}, {"name": "RHBA-2019:1076", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHBA-2019:1076"}, {"name": "RHBA-2019:1570", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHBA-2019:1570"}, {"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"}, {"name": "RHSA-2019:3023", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3023"}, {"name": "RHSA-2020:0132", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0132"}, {"name": "RHSA-2020:0133", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0133"}, {"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2021-14"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20677", "datePublished": "2019-01-09T05:00:00.000Z", "dateReserved": "2019-01-08T00:00:00.000Z", "dateUpdated": "2024-08-05T12:05:17.696Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E9597E-65BB-4E8A-B0E8-467D2903511B", "versionEndExcluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property."}, {"lang": "es", "value": "En Bootstrap, en versiones anteriores a la 3.4.0, Cross-Site Scripting (XSS) es posible en la propiedad \"affix\" en la configuraci\u00f3n."}], "id": "CVE-2018-20677", "lastModified": "2024-11-21T04:01:58.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-09T05:29:01.397", "references": [{"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHBA-2019:1076"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHBA-2019:1570"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1456"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3023"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2020:0132"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2020:0133"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/issues/27045"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/pull/27047"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://www.tenable.com/security/tns-2021-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHBA-2019:1076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHBA-2019:1570"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1456"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:3023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2020:0132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2020:0133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/issues/27045"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/pull/27047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tenable.com/security/tns-2021-14"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:5693", "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9", "package": "ceph-2:17.2.6-148.el9cp", "product_name": "Red Hat Ceph Storage 6.1", "release_date": "2023-10-12T00:00:00Z"}, {"advisory": "RHSA-2020:0133", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.6", "package": "bootstrap", "product_name": "Red Hat Decision Manager 7", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:3936", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ipa-0:4.6.8-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4670", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "idm:client-8030020200923172426.05ac3f11", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4670", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "idm:DL1-8030020200923172343.9c827e52", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:5571", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "python-XStatic-Bootstrap-SCSS-0:3.4.1.0-1.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2020-12-16T00:00:00Z"}, {"advisory": "RHSA-2020:5571", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "python-XStatic-Bootstrap-SCSS-0:3.4.1.0-1.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2020-12-16T00:00:00Z"}, {"advisory": "RHSA-2020:0132", "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.6", "package": "bootstrap", "product_name": "Red Hat Process Automation 7", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2019:1456", "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.3", "package": "bootstrap", "product_name": "Red Hat Single Sign-On 7.3.2 zip", "release_date": "2019-06-11T00:00:00Z"}, {"advisory": "RHBA-2019:1076", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "ovirt-engine-api-explorer-0:0.0.4-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-05-08T00:00:00Z"}, {"advisory": "RHBA-2019:1570", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "ovirt-engine-api-explorer-0:0.0.5-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-06-20T00:00:00Z"}, {"advisory": "RHSA-2019:3023", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "ovirt-engine-ui-extensions-0:1.0.10-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-10-10T00:00:00Z"}], "bugzilla": {"description": "bootstrap: XSS in the affix configuration target property", "id": "1668089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.", "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials."], "name": "CVE-2018-20677", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "bootstrap-sass", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Not affected", "package_name": "servicemesh-prometheus", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:discovery:1", "fix_state": "Not affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery 1"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "pki-core", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pki-core:10.6/pki-core", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "bootstrap", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "bootstrap", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Out of support scope", "package_name": "bootstrap", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift3/ose-console", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Affected", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}, {"cpe": "cpe:/a:redhat:openstack:15", "fix_state": "Will not fix", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 15 (Stein)"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Not affected", "package_name": "qpid-dispatch", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "qpid-dispatch", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Not affected", "package_name": "bootstrap", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "cockpit-ovirt", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Out of support scope", "package_name": "ovirt-engine-dashboard", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Out of support scope", "package_name": "ovirt-js-dependencies", "product_name": "Red Hat Virtualization 4"}], "public_date": "2018-08-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-20677\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20677"], "statement": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "threat_severity": "Moderate"}

{}