Bug 58327 - sanitization/escaping in App Center components
Summary: sanitization/escaping in App Center components
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: App Center
Version: UCS 5.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.2-1-errata
Assignee: Christian Castens
QA Contact: Arvid Requate
URL: https://git.knut.univention.de/univen...
Keywords:
Depends on:
Blocks:
 
Reported: 2025-05-27 08:00 CEST by Christian Castens
Modified: 2025-05-28 13:40 CEST

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Customer ID:
Max CVSS v3 score:


Description Christian Castens univentionstaff 2025-05-27 08:00:28 CEST
There are some components in the App Center that need sanitizing/escaping to be more resilient against attack vectors such as Cross-Site Scripting. 

GitLab issues:
https://git.knut.univention.de/univention/dev/ucs/-/issues/2846
https://git.knut.univention.de/univention/dev/ucs/-/issues/2899
Comment 1 Christian Castens univentionstaff 2025-05-27 13:14:57 CEST
Package: univention-appcenter
Version: 11.1.1
Branch: 5.2-0
Scope: errata5.2-1

univention-appcenter.yaml
8648de4cc28f | Bug #58327: enhance the resilience of the App Center against attack vectors such as Cross-Site Scripting

univention-appcenter (11.1.1)
4f5dd90def63 | Bug #58327: fix typo
8648de4cc28f | Bug #58327: enhance the resilience of the App Center against attack vectors such as Cross-Site Scripting
Comment 2 Arvid Requate univentionstaff 2025-05-27 21:56:20 CEST
Verified:
* Code review
* Package update
* Functional test
* Advisory
Comment 3 Christian Castens univentionstaff 2025-05-28 13:40:40 CEST
<https://errata.software-univention.de/#/?erratum=5.2x112>