yahoo-eng-team team mailing list archive

[Bug 1247675] Re: [OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon (CVE-2013-6858)

 

** Changed in: horizon/grizzly
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1247675

Title:
  [OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon
  (CVE-2013-6858)

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Dashboard (Horizon) grizzly series:
  Fix Released
Status in OpenStack Dashboard (Horizon) havana series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA512

  Hello,

  My name is Chris Chapman, I am an Incident Manager with Cisco PSIRT.

  I would like to report the following XSS issue found in the OpenStack
  WebUI that was reported to Cisco.

  The details are as follows:

  The OpenStack web user interface is vulnerable to XSS:

  While launching (or editing) an instance, injecting <script> tags in
  the instance name results in the JavaScript being executed on the
  "Volumes" and the "Network Topology" page.  This is a classic Stored
  XSS vulnerability.

  Recommendations:
  - Sanitize the "Instance Name" string to prevent XSS.
  - Sanitize all user input to prevent XSS.
  - Consider utilizing Content Security Policy (CSP). This can be used
    to prevent inline JavaScript from executing & only load JavaScript
    files from approved domains.  This would prevent XSS, even in
    scenarios where user input is not properly sanitized.

  
  Please include PSIRT-2070334443 in the subject line for all
  communications on this issue with Cisco going forward.

  If you can also include any case number that this issue is assigned
  that will help us track the issue.

  Thank you,
  Chris

  Chris Chapman | Incident Manager
  Cisco Product Security Incident Response Team - PSIRT
  Security Research and Operations
  Office: (949) 823-3167 | Direct: (562) 208-0043
  Email: chchchapma@xxxxxxxxx
  SIO: http://www.cisco.com/security
  PGP: 0x959B3169
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
  Comment: GPGTools - http://gpgtools.org
  Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

  iQEcBAEBCgAGBQJSc8QQAAoJEPMPZe6VmzFpLw8H/1h2ZhqKJs6nxZDGnDpn3N2t
  6S6vwx3UYZGG5O1TTx1wrZkkHxckAg8GzMBJa6HFXPs1Zr0o9nhuLfvdKfShQFUA
  HqWMPOFPKid2LML2FMOGAWAdQAG6YTMknZ9d8JTvHI2BhluOsjxlOa0TBNr/Gm+Z
  iwAOBmAgJqU2nWx1iomiGhUpwX2oaQuqDyaosycpVtv0gQAtYsEf7zYdRNod7kB5
  6CGEXJ8J161Bd04dta99onFAB1swroOpOgUopUoONK4nHDxot/MojnvusDmWe2Fs
  usVLh7d6hB3eDyWpVFhbKwSW+Bkmku1Tl0asCgm1Uy9DkrY23UGZuIqKhFs5A8U=
  =gycf
  -----END PGP SIGNATURE-----

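The two sink patterns the report implies (an instance name landing in table markup, and instance data pushed into a page's JavaScript) and the CSP recommendation, as an added example. This is illustrative code written for this page, not Horizon's code or the fix that closed the bug; it uses only the Python standard library rather than Django's template layer, the payload and the `instances` structure are constructed, and the idea that the topology view embeds JSON in an inline script is an assumption used to show why HTML-escaping alone is not enough in that second context.

```python
import html
import json

# Constructed payload in the spirit of the report: a user-supplied instance
# name carrying script tags. The leading </script> matters for the second
# context below (JSON embedded in an inline script block).
MALICIOUS_NAME = '</script><script>alert(document.cookie)</script>'


def render_cell_unsafe(instance_name):
    """Vulnerable pattern (shown for contrast): the raw name is concatenated
    straight into a table cell, so a <script> in the name becomes live markup."""
    return '<td>%s</td>' % instance_name


def render_cell_safe(instance_name):
    """Hardened form: HTML-escape at the point the value enters markup.
    Django templates do this by default; the bug class arises when code
    bypasses autoescaping (mark_safe, string concatenation, hand-built JS)."""
    return '<td>%s</td>' % html.escape(instance_name, quote=True)


def embed_json_unsafe(instances):
    """Vulnerable pattern: a server-side structure (assumed here to resemble
    what a topology view would hand to its JavaScript) is dumped into an
    inline script. json.dumps does not escape '<', so a name containing
    </script> terminates the block early and the rest is parsed as HTML."""
    return '<script>var data = %s;</script>' % json.dumps(instances)


def embed_json_safe(instances):
    """Hardened form: escape the characters that can break out of a script
    block. JavaScript decodes \\u003c back to '<' inside string literals,
    so the data is unchanged for the consumer but inert for the HTML parser."""
    payload = json.dumps(instances)
    payload = (payload.replace('&', '\\u0026')
                      .replace('<', '\\u003c')
                      .replace('>', '\\u003e'))
    return '<script>var data = %s;</script>' % payload


def csp_header():
    """Defence-in-depth layer the report recommends: refuse inline script and
    load script only from the page's own origin. The value is an illustrative
    assumption, not Horizon's configuration; deploying it means moving the
    application's own inline scripts into served files first."""
    return ('Content-Security-Policy',
            "default-src 'self'; script-src 'self'; object-src 'none'")


def count_script_tags(markup):
    """Crude audit helper: how many opening <script tags the HTML parser
    would see. Escaped forms (&lt;script or \\u003cscript) are not counted."""
    return markup.lower().count('<script')


if __name__ == '__main__':
    instances = [{'name': MALICIOUS_NAME, 'id': 'vm-1'}]
    for label, out in [('cell/unsafe', render_cell_unsafe(MALICIOUS_NAME)),
                       ('cell/safe', render_cell_safe(MALICIOUS_NAME)),
                       ('json/unsafe', embed_json_unsafe(instances)),
                       ('json/safe', embed_json_safe(instances))]:
        print('%-12s script tags=%d  %s' % (label, count_script_tags(out), out))
```

Escaping is context-specific: `html.escape` is the right tool for element content and attributes, while data placed inside a `<script>` block needs the `\u003c`-style treatment because `&lt;` would reach JavaScript as the literal characters `&lt;`. The CSP value has no `'unsafe-inline'`, which is exactly what makes it block the injected `<script>`; it also blocks any inline script the application itself relies on, so it is a deployment change rather than a drop-in header.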
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1247675/+subscriptions