yahoo-eng-team team mailing list archive
Message #18735
[Bug 1320235] Re: [OSSA 2014-023] Stored XSS for /admin/users/ (CVE-2014-3475)
** Tags removed: in-stable-havana in-stable-icehouse
** Changed in: horizon/icehouse
Status: Fix Released => Fix Committed
** Also affects: horizon/havana
Importance: Undecided
Status: New
** Changed in: horizon/havana
Status: New => Fix Committed
** Changed in: horizon/havana
Assignee: (unassigned) => Julie Pichon (jpichon)
** Changed in: horizon/icehouse
Assignee: (unassigned) => Julie Pichon (jpichon)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1320235
Title:
[OSSA 2014-023] Stored XSS for /admin/users/ (CVE-2014-3475)
Status in OpenStack Dashboard (Horizon):
Fix Released
Status in OpenStack Dashboard (Horizon) havana series:
Fix Committed
Status in OpenStack Dashboard (Horizon) icehouse series:
Fix Committed
Status in OpenStack Security Advisories:
Fix Released
Bug description:
The /admin/users/ page does not output-encode users' email addresses
correctly. Since there is no user input validation for the users'
email address during the creation process, it is possible to inject a
script tag into the email address. This is a stored cross-site scripting
issue.
The issue can be abused to hijack a user's session, implant malware,
etc.
For example, attached is a screen copy of Horizon for users with stored XSS in action.
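The defect described above is a missing output-encoding step: a stored attribute is written into HTML as-is. The following is an added example, not Horizon's code and not the patch referenced by the advisory, showing the vulnerable rendering pattern beside the hardened one (Python's `html.escape` stands in for the template engine's HTML escaping) plus a conservative creation-time check as defence in depth. The user rows and the markup-bearing email value are constructed for the example.

```python
import html
import re

# Constructed sample rows (not data from the bug report). The second row
# carries markup in the email field, the kind of value the report describes.
USERS = [
    {"name": "alice", "email": "alice@example.com"},
    {"name": "mallory", "email": "<script>alert(1)</script>@example.com"},
]


def render_row_unsafe(user):
    """Vulnerable pattern: stored values interpolated into HTML verbatim.

    Anything the stored string contains becomes part of the page's DOM.
    """
    return "<tr><td>{name}</td><td>{email}</td></tr>".format(**user)


def render_row_safe(user):
    """Hardened pattern: every untrusted value is HTML-escaped at output time.

    quote=True also encodes quotes, so the same helper is safe inside
    attribute values, not only between tags.
    """
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(user["name"], quote=True),
        html.escape(user["email"], quote=True),
    )


def render_table(users, row_renderer=render_row_safe):
    """Render a whole user table with the chosen row renderer."""
    return "<table>" + "".join(row_renderer(u) for u in users) + "</table>"


def contains_raw_markup(rendered):
    """Crude check used here to show the difference between the two renderers."""
    return "<script" in rendered.lower()


# Defence in depth: reject implausible email addresses at creation time.
# Conservative pattern, an assumption of this example (not a full RFC 5322
# validator); output encoding remains the actual fix, since stored data
# may have entered through other paths or before validation existed.
_EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def is_acceptable_email(value):
    return bool(_EMAIL_RE.fullmatch(value))


if __name__ == "__main__":
    print("unsafe:", render_table(USERS, render_row_unsafe))
    print("safe:  ", render_table(USERS, render_row_safe))
    for u in USERS:
        print(u["email"], "accepted" if is_acceptable_email(u["email"]) else "rejected")
```

The point of keeping both renderers side by side is that the stored value is identical in both cases; only the output step decides whether it is data or markup.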
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1320235/+subscriptions