{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-13083", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-06-23T18:27:40.399Z", "datePublished": "2026-06-25T23:23:42.386Z", "dateUpdated": "2026-06-25T23:23:42.386Z"}, "containers": {"cna": {"title": "Pen-drive: pen-drive: stored xss via unescaped cluster data in html report", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report."}], "affected": [{"vendor": "Red Hat", "product": "Pen Drive Powered by Red Hat Lightspeed", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pen-drive/pen-drive-scanner-rhel9", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:pdrive_lightspeed:0"]}, {"vendor": "Red Hat", "product": "Pen Drive Powered by Red Hat Lightspeed", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pen-drive/pen-drive-scanner-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:pdrive_lightspeed:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-13083", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491886", "name": "RHBZ#2491886", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-06-23T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "workarounds": [{"lang": "en", "value": "The following practices would help for avoiding exposure and mitigate this flaw:\n- Upgrade Pen Drive to version 1.0.0-2 or later, which reportedly contains the fix.\n- Until upgraded, review HTML reports generated by Pen Drive before opening them in a browser, or open them in a sandboxed browser environment.\n- If using must-gather archives from untrusted sources, validate the archive content before feeding it to Pen Drive.\n- Consider opening Pen Drive reports with JavaScript disabled in the browser."}], "timeline": [{"lang": "en", "time": "2026-06-23T18:29:00.334Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-23T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Jon Weiser (Red Hat), Oleg Sushchenko (Red Hat), and Raul Bringas (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-25T23:23:42.386Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}

{}

{}

{"acknowledgement": "This issue was discovered by Jon Weiser (Red Hat), Oleg Sushchenko (Red Hat), and Raul Bringas (Red Hat).", "bugzilla": {"description": "pen-drive: pen-drive: stored XSS via unescaped cluster data in HTML report", "id": "2491886", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491886"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report."], "mitigation": {"lang": "en:us", "value": "The following practices would help for avoiding exposure and mitigate this flaw:\n- Upgrade Pen Drive to version 1.0.0-2 or later, which reportedly contains the fix.\n- Until upgraded, review HTML reports generated by Pen Drive before opening them in a browser, or open them in a sandboxed browser environment.\n- If using must-gather archives from untrusted sources, validate the archive content before feeding it to Pen Drive.\n- Consider opening Pen Drive reports with JavaScript disabled in the browser."}, "name": "CVE-2026-13083", "package_state": [{"cpe": "cpe:/a:redhat:pdrive_lightspeed:0", "fix_state": "Under investigation", "package_name": "pen-drive/pen-drive-scanner-rhel9", "product_name": "Pen Drive Powered by Red Hat Lightspeed"}, {"cpe": "cpe:/a:redhat:pdrive_lightspeed:1", "fix_state": "Affected", "package_name": "pen-drive/pen-drive-scanner-rhel9", "product_name": "Pen Drive Powered by Red Hat Lightspeed"}], "public_date": "2026-06-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-13083\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-13083"], "statement": "This flaw affects Pen Drive versions prior to 1.0.0-2. The vulnerability requires cluster administrator privileges to inject the XSS payload and user interaction (opening the report) for exploitation, limiting the attack surface. The fix is available in Pen Drive 1.0.0-2. The most likely exploitation scenario involves a compromised cluster producing a poisoned must-gather archive that is then processed by Pen Drive, with the resulting report opened by a support engineer.", "threat_severity": "Moderate"}

{"created": "2026-06-26T00:30:17.568357+00:00", "updated": "2026-06-26T00:30:17.568365+00:00", "vendors": []}