A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpaks intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux | Redhat | 8.0 (including) | 8.0 (including) |
| Enterprise_linux | Redhat | 9.0 (including) | 9.0 (including) |
| Yelp | Ubuntu | esm-infra-legacy/xenial | * |
| Yelp | Ubuntu | esm-infra/bionic | * |
| Yelp | Ubuntu | esm-infra/focal | * |
| Yelp | Ubuntu | jammy | * |
| Yelp | Ubuntu | noble | * |
| Yelp | Ubuntu | questing | * |
| Yelp | Ubuntu | resolute | * |
| Yelp | Ubuntu | upstream | * |