yahoo-eng-team team mailing list archive
Message #07505
[Bug 1247675] Re: [OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon (CVE-2013-6858)
** Changed in: horizon/havana
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1247675
Title:
[OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon
(CVE-2013-6858)
Status in OpenStack Dashboard (Horizon):
Fix Released
Status in OpenStack Dashboard (Horizon) grizzly series:
Fix Committed
Status in OpenStack Dashboard (Horizon) havana series:
Fix Released
Status in OpenStack Security Advisories:
Fix Released
Bug description:
Hello,
My name is Chris Chapman, I am an Incident Manager with Cisco PSIRT.
I would like to report the following XSS issue found in the OpenStack
WebUI that was reported to Cisco.
The details are as follows:
The OpenStack web user interface is vulnerable to XSS:
While launching (or editing) an instance, injecting <script> tags in
the instance name results in the javascript being executed on the
"Volumes" and the "Network Topology" page. This is a classic Stored
XSS vulnerability.
Recommendations:
- Sanitize the "Instance Name" string to prevent XSS.
- Sanitize all user input to prevent XSS.
- Consider utilizing Content Security Policy (CSP). This can be used
to prevent inline javascript from executing & only load javascript
files from approved domains. This would prevent XSS, even in
scenarios where user input is not properly sanitized.
Please include PSIRT-2070334443 in the subject line for all
communications on this issue with Cisco going forward.
If you can also include any case number that this issue is assigned
that will help us track the issue.
Thank you,
Chris
Chris Chapman | Incident Manager
Cisco Product Security Incident Response Team - PSIRT
Security Research and Operations
Office: (949) 823-3167 | Direct: (562) 208-0043
Email: chchchapma@xxxxxxxxx
SIO: http://www.cisco.com/security
PGP: 0x959B3169
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1247675/+subscriptions
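
The report's first and third recommendations, shown as an added example that is not part of the original message and is not Horizon's code: a table cell that embeds the instance name with and without output encoding, a parser-based check of which elements each version creates, and a CSP header without inline-script allowances. The function names, cell markup, URL path and sample instance name are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: an instance name carrying markup, as the report describes.
INSTANCE_NAME = "<script>alert(1)</script>web-01"

# Hypothetical cell layout; the real Horizon templates are not shown on this page.
CELL = '<td>Attached to <a href="/instances/42/">%s</a> on %s</td>'


def render_unsafe(instance_name, device="/dev/vdb"):
    """Vulnerable pattern: user-controlled text is placed into HTML as-is."""
    return CELL % (instance_name, device)


def render_safe(instance_name, device="/dev/vdb"):
    """Encode at the point of output; quote=True also covers attribute values."""
    return CELL % (html.escape(instance_name, quote=True),
                   html.escape(device, quote=True))


class TagCollector(HTMLParser):
    """Records every element start tag an HTML parser sees in a fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(fragment):
    """Return the element names created when the fragment is parsed."""
    collector = TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


def csp_header():
    """CSP without 'unsafe-inline': inline <script> blocks are refused."""
    return ("Content-Security-Policy",
            "default-src 'self'; script-src 'self'; object-src 'none'")


if __name__ == "__main__":
    print("unsafe:", tags_in(render_unsafe(INSTANCE_NAME)))
    print("safe:  ", tags_in(render_safe(INSTANCE_NAME)))
    print("%s: %s" % csp_header())
```

The `tags_in` check can be reused in a regression test for any view that displays the instance name, such as the "Volumes" and "Network Topology" pages named in the report.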