CVE-2023-6710: 
Alma Linux vulnerability analysis and mitigation

A vulnerability (CVE-2023-6710) was discovered in the mod_proxy_cluster component of the Apache server, first reported on December 12, 2023. The vulnerability allows malicious users to trigger a stored cross-site scripting (XSS) vulnerability by injecting scripts through the 'alias' parameter in URLs. When exploited, the vulnerability enables the addition of a new virtual host and injects malicious scripts into the cluster-manager page (NVD, Red Hat Advisory).

The vulnerability is classified as a stored XSS vulnerability (CWE-79) affecting the mod_proxy_cluster module. It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability specifically involves the manipulation of the 'alias' parameter in URLs, which can be exploited to store malicious scripts that are then executed in the cluster-manager page context (NVD).

The impact of this vulnerability is considered Low, primarily because the cluster_manager URL should not be exposed externally and is protected by user authentication. However, if successfully exploited, it could allow attackers to execute arbitrary JavaScript code in the context of other users' browsers when they access the cluster-manager page (Red Hat Bugzilla).

Red Hat has released security updates to address this vulnerability across multiple products. Updates are available through RHSA-2024:1316 for JBoss Core Services on RHEL 7 and RHEL 8, RHSA-2024:1317 for Red Hat JBoss Core Services, and RHSA-2024:2387 for Red Hat Enterprise Linux 9. Users are advised to apply these security updates to protect against this vulnerability (Red Hat Advisory).