CVE-2019-10215

Upstream information

CVE-2019-10215 at MITRE

Description

Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	Partial
Availability Impact	None

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

SUSE-CU-2020:787-1, published Sat Dec 12 00:08:40 MST 2020
SUSE-SU-2020:1715-1, published Tue Jun 23 10:53:05 MDT 2020
SUSE-SU-2020:1718-1, published Tue Jun 23 10:15:53 MDT 2020
SUSE-SU-2020:1970-1, published Mon Jul 20 22:50:31 MDT 2020
SUSE-SU-2020:1972-1, published Mon Jul 20 22:58:27 MDT 2020
SUSE-SU-2020:2606-1, published Fri Sep 11 04:39:36 MDT 2020
openSUSE-SU-2020:1105-1, published Tue, 28 Jul 2020 00:12:36 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
Container caasp/v4/grafana:7.1.5 Image caasp4/caasp-grafana-image	`grafana >= 7.0.3-1.9.2`
HPE Helion Openstack 8	`cobbler >= 2.6.6-49.26.3` `golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: HPE-Helion-OpenStack-8-2020-1970
SUSE Enterprise Storage 6	`golang-github-prometheus-prometheus >= 2.18.0-3.3.1`	Patchnames: SUSE-Storage-6-2020-2606
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1	`golang-github-prometheus-prometheus >= 2.18.0-3.3.1` `python2-rhnlib >= 4.1.2-3.16.2` `python2-spacewalk-check >= 4.1.5-3.23.2` `python2-spacewalk-client-setup >= 4.1.5-3.23.2` `python2-spacewalk-client-tools >= 4.1.5-3.23.2` `python2-spacewalk-koan >= 4.1.1-3.9.2` `python2-spacewalk-oscap >= 4.1.1-3.6.3` `python2-suseRegisterInfo >= 4.1.2-3.6.2` `python2-zypp-plugin-spacewalk >= 1.0.7-3.12.2` `rhnlib >= 4.1.2-3.16.2` `spacecmd >= 4.1.4-3.38.2` `spacewalk-client-tools >= 4.1.5-3.23.2` `spacewalk-koan >= 4.1.1-3.9.2` `spacewalk-oscap >= 4.1.1-3.6.3` `suseRegisterInfo >= 4.1.2-3.6.2` `zypp-plugin-spacewalk >= 1.0.7-3.12.2`	Patchnames: SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1972 SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-2606
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2	`golang-github-prometheus-prometheus >= 2.18.0-3.3.1`	Patchnames: SUSE-SLE-Module-Development-Tools-OBS-15-SP2-2020-2606
SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server for SAP Applications 12 SP3-BCL	`golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-SLE-SERVER-12-SP3-BCL-2020-1970
SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server for SAP Applications 12 SP3-ESPOS	`golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-SLE-SERVER-12-SP3-ESPOS-2020-1970
SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3-LTSS	`golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-SLE-SERVER-12-SP3-2020-1970
SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server for SAP Applications 12 SP4-ESPOS	`golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-SLE-SERVER-12-SP4-ESPOS-2020-1970
SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP4-LTSS	`golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-SLE-SERVER-12-SP4-LTSS-2020-1970
SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5	`golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-SLE-SERVER-12-SP5-2020-1970
SUSE Linux Enterprise Server for SAP Applications 12 SP3	`golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-SLE-SAP-12-SP3-2020-1970
SUSE Linux Enterprise Server for SAP Applications 12 SP4	`golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-SLE-SAP-12-SP4-2020-1970
SUSE Manager Tools 12	`cobbler >= 2.6.6-49.26.3` `golang-github-prometheus-node_exporter >= 0.18.1-1.6.2` `golang-github-prometheus-prometheus >= 2.18.0-1.12.2` `grafana >= 7.0.3-1.9.3` `koan >= 2.6.6-49.26.3` `mgr-cfg >= 4.1.2-1.12.3` `mgr-cfg-actions >= 4.1.2-1.12.3` `mgr-cfg-client >= 4.1.2-1.12.3` `mgr-cfg-management >= 4.1.2-1.12.3` `mgr-custom-info >= 4.1.1-1.6.1` `mgr-daemon >= 4.1.1-1.14.2` `mgr-osad >= 4.1.2-1.15.2` `mgr-push >= 4.1.1-1.6.3` `mgr-virtualization >= 4.1.1-1.14.3` `mgr-virtualization-host >= 4.1.1-1.14.3` `python2-mgr-cfg >= 4.1.2-1.12.3` `python2-mgr-cfg-actions >= 4.1.2-1.12.3` `python2-mgr-cfg-client >= 4.1.2-1.12.3` `python2-mgr-cfg-management >= 4.1.2-1.12.3` `python2-mgr-osa-common >= 4.1.2-1.15.2` `python2-mgr-osad >= 4.1.2-1.15.2` `python2-mgr-push >= 4.1.1-1.6.3` `python2-mgr-virtualization-common >= 4.1.1-1.14.3` `python2-mgr-virtualization-host >= 4.1.1-1.14.3` `python2-rhnlib >= 4.1.2-21.22.2` `python2-spacewalk-check >= 4.1.5-52.32.2` `python2-spacewalk-client-setup >= 4.1.5-52.32.2` `python2-spacewalk-client-tools >= 4.1.5-52.32.2` `python2-spacewalk-koan >= 4.1.1-24.12.2` `python2-spacewalk-oscap >= 4.1.1-19.12.1` `python2-suseRegisterInfo >= 4.1.2-25.9.2` `python2-uyuni-common-libs >= 4.1.5-1.3.2` `python2-zypp-plugin-spacewalk >= 1.0.7-30.21.2` `rhnlib >= 4.1.2-21.22.2` `spacecmd >= 4.1.4-38.61.2` `spacewalk-check >= 4.1.5-52.32.2` `spacewalk-client-setup >= 4.1.5-52.32.2` `spacewalk-client-tools >= 4.1.5-52.32.2` `spacewalk-koan >= 4.1.1-24.12.2` `spacewalk-oscap >= 4.1.1-19.12.1` `spacewalk-remote-utils >= 4.1.1-24.15.3` `supportutils-plugin-susemanager-client >= 4.1.2-6.15.1` `suseRegisterInfo >= 4.1.2-25.9.2` `uyuni-base >= 4.1.1-1.3.1` `uyuni-base-common >= 4.1.1-1.3.1` `uyuni-common-libs >= 4.1.5-1.3.2` `zypp-plugin-spacewalk >= 1.0.7-30.21.2`	Patchnames: SUSE-SLE-Manager-Tools-12-2020-1970
SUSE Manager Tools 15	`dracut-saltboot >= 0.1.1590413773.a959db7-1.12.2` `golang-github-prometheus-prometheus >= 2.18.0-3.12.2` `grafana >= 7.0.3-1.9.2` `koan >= 2.9.0-4.15.2` `mgr-cfg >= 4.1.2-1.12.4` `mgr-cfg-actions >= 4.1.2-1.12.4` `mgr-cfg-client >= 4.1.2-1.12.4` `mgr-cfg-management >= 4.1.2-1.12.4` `mgr-custom-info >= 4.1.1-1.6.2` `mgr-daemon >= 4.1.1-1.14.2` `mgr-osad >= 4.1.2-1.15.2` `mgr-push >= 4.1.1-1.6.4` `mgr-virtualization >= 4.1.1-1.14.2` `mgr-virtualization-host >= 4.1.1-1.14.2` `python3-mgr-cfg >= 4.1.2-1.12.4` `python3-mgr-cfg-actions >= 4.1.2-1.12.4` `python3-mgr-cfg-client >= 4.1.2-1.12.4` `python3-mgr-cfg-management >= 4.1.2-1.12.4` `python3-mgr-osa-common >= 4.1.2-1.15.2` `python3-mgr-osad >= 4.1.2-1.15.2` `python3-mgr-push >= 4.1.1-1.6.4` `python3-mgr-virtualization-common >= 4.1.1-1.14.2` `python3-mgr-virtualization-host >= 4.1.1-1.14.2` `python3-rhnlib >= 4.1.2-3.16.2` `python3-spacewalk-check >= 4.1.5-3.23.2` `python3-spacewalk-client-setup >= 4.1.5-3.23.2` `python3-spacewalk-client-tools >= 4.1.5-3.23.2` `python3-spacewalk-koan >= 4.1.1-3.9.2` `python3-spacewalk-oscap >= 4.1.1-3.6.3` `python3-suseRegisterInfo >= 4.1.2-3.6.2` `python3-uyuni-common-libs >= 4.1.5-1.3.2` `python3-zypp-plugin-spacewalk >= 1.0.7-3.12.2` `rhnlib >= 4.1.2-3.16.2` `spacecmd >= 4.1.4-3.38.2` `spacewalk-check >= 4.1.5-3.23.2` `spacewalk-client-setup >= 4.1.5-3.23.2` `spacewalk-client-tools >= 4.1.5-3.23.2` `spacewalk-koan >= 4.1.1-3.9.2` `spacewalk-oscap >= 4.1.1-3.6.3` `spacewalk-remote-utils >= 4.1.1-3.12.4` `supportutils-plugin-susemanager-client >= 4.1.2-3.9.2` `suseRegisterInfo >= 4.1.2-3.6.2` `uyuni-base >= 4.1.1-1.3.2` `uyuni-base-common >= 4.1.1-1.3.2` `uyuni-common-libs >= 4.1.5-1.3.2` `zypp-plugin-spacewalk >= 1.0.7-3.12.2`	Patchnames: SUSE-SLE-Manager-Tools-15-2020-1972
SUSE OpenStack Cloud 8	`cobbler >= 2.6.6-49.26.3` `golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-OpenStack-Cloud-8-2020-1970
SUSE OpenStack Cloud 9	`cobbler >= 2.6.6-49.26.3` `golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-OpenStack-Cloud-9-2020-1970
SUSE OpenStack Cloud Crowbar 8	`golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-OpenStack-Cloud-Crowbar-8-2020-1970
SUSE OpenStack Cloud Crowbar 9	`golang-github-prometheus-node_exporter >= 0.18.1-1.6.2`	Patchnames: SUSE-OpenStack-Cloud-Crowbar-9-2020-1970
openSUSE Leap 15.2	`dracut-saltboot >= 0.1.1590413773.a959db7-lp152.2.3.1`	Patchnames: openSUSE-2020-1105

Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

Product(s)	Source package	State
HPE Helion OpenStack 8	cobbler	Released
SUSE Enterprise Storage 6	golang-github-prometheus-prometheus	Released
SUSE Manager Proxy 4.1 Module	zypp-plugin-spacewalk	Released
SUSE Manager Tools	cobbler	Released
SUSE Manager Tools	dracut-saltboot	Released
SUSE Manager Tools	golang-github-prometheus-prometheus	Released
SUSE Manager Tools	grafana	Released
SUSE Manager Tools	koan	Released
SUSE Manager Tools	mgr-cfg	Released
SUSE Manager Tools	mgr-custom-info	Released
SUSE Manager Tools	mgr-daemon	Released
SUSE Manager Tools	mgr-osad	Released
SUSE Manager Tools	mgr-push	Released
SUSE Manager Tools	mgr-virtualization	Released
SUSE Manager Tools	rhnlib	Released
SUSE Manager Tools	spacecmd	Released
SUSE Manager Tools	spacewalk-client-tools	Released
SUSE Manager Tools	spacewalk-koan	Released
SUSE Manager Tools	spacewalk-oscap	Released
SUSE Manager Tools	spacewalk-remote-utils	Released
SUSE Manager Tools	supportutils-plugin-susemanager-client	Released
SUSE Manager Tools	suseRegisterInfo	Released
SUSE Manager Tools	uyuni-base	Released
SUSE Manager Tools	uyuni-common-libs	Released
SUSE Manager Tools	zypp-plugin-spacewalk	Released
SUSE OpenStack Cloud 8	cobbler	Released
SUSE OpenStack Cloud 9	cobbler	Released