yahoo-eng-team team mailing list archive
[Bug 1667086] Re: XSS in federation mappings UI
Reviewed: https://review.openstack.org/442277
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=a835dbfbaa2c70329c08d4b8429d49315dc6d651
Submitter: Jenkins
Branch: master
commit a835dbfbaa2c70329c08d4b8429d49315dc6d651
Author: Richard Jones <r1chardj0n3s@xxxxxxxxx>
Date: Tue Mar 7 16:55:39 2017 +1100
Remove dangerous safestring declaration
This declaration allows XSS content through the JSON and
is unnecessary for correct rendering of the content anyway.
Change-Id: I82355b37108609ae573237424e528aab86a24efc
Closes-Bug: 1667086
** Changed in: horizon
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1667086
Title:
XSS in federation mappings UI
Status in OpenStack Dashboard (Horizon):
Fix Released
Status in OpenStack Security Advisory:
Incomplete
Bug description:
Found in Mitaka
Steps:
- Setup federation in keystone and horizon
- Launch and login to horizon as an admin
- Click on the Federation->Mappings tab
- Create or update a mapping with the following content, which contains JavaScript:
[
    {
        "local": [
            {
                "domain": {
                    "name": "Default"
                },
                "group": {
                    "domain": {
                        "name": "Default"
                    },
                    "name": "Federated Users"
                },
                "user": {
                    "name": "{<script>alert('test');</script>}",
                    "email": "{1}"
                },
                "groups": "{2}"
            }
        ],
        "remote": [
            {
                "type": "REMOTE_USER"
            },
            {
                "type": "MELLON_userEmail"
            },
            {
                "type": "MELLON_groups"
            }
        ]
    }
]
Now whenever this Federation->Mapping page is shown, the JavaScript
will execute.
It appears other pages in horizon protect against such attacks (such
as Users, Groups, etc). So I'm guessing that the rendering of this
page just needs to be escaped to ignore tags.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1667086/+subscriptions
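The commit above says the safestring declaration "allows XSS content through the JSON and is unnecessary for correct rendering". The following Python is an added example, not Horizon's code, that shows both halves of that claim with the standard library alone: render_unsafe stands in for inserting JSON text that has been marked safe (so Django's autoescaping is skipped), render_escaped stands in for the autoescaped path, and recover_rules shows the escaped page still carries the identical mapping. The mapping rules are the ones from the bug report; PAGE_TEMPLATE and the function names are constructed for this example.

```python
import html
import json

# Constructed sample: the mapping rules from the bug report, including the
# <script> payload the reporter placed in the user name field.
MAPPING_RULES = [
    {
        "local": [
            {
                "domain": {"name": "Default"},
                "group": {
                    "domain": {"name": "Default"},
                    "name": "Federated Users",
                },
                "user": {
                    "name": "{<script>alert('test');</script>}",
                    "email": "{1}",
                },
                "groups": "{2}",
            }
        ],
        "remote": [
            {"type": "REMOTE_USER"},
            {"type": "MELLON_userEmail"},
            {"type": "MELLON_groups"},
        ],
    }
]

# Constructed stand-in for the detail page that displays a mapping's rules.
PAGE_TEMPLATE = "<table><tr><td>Rules</td><td><pre>{rules}</pre></td></tr></table>"


def render_unsafe(rules):
    """The pattern the fix removed: JSON text marked 'safe' is dropped into
    the page verbatim, so markup inside the mapping becomes live HTML."""
    return PAGE_TEMPLATE.format(rules=json.dumps(rules, indent=2))


def render_escaped(rules):
    """HTML-escape the JSON text before it lands in the page. Django's
    template autoescaping does the same once nothing is marked safe."""
    return PAGE_TEMPLATE.format(rules=html.escape(json.dumps(rules, indent=2)))


def has_live_script(page_html):
    """Reviewer/tester check: does the rendered page contain an unescaped
    <script tag that a browser would execute?"""
    return "<script" in page_html.lower()


def recover_rules(page_html):
    """Show the escaped form loses nothing: pull the <pre> body back out,
    unescape it and parse it as JSON. The result equals the original rules."""
    start = page_html.index("<pre>") + len("<pre>")
    end = page_html.index("</pre>")
    return json.loads(html.unescape(page_html[start:end]))


if __name__ == "__main__":
    print("unsafe page executes script:", has_live_script(render_unsafe(MAPPING_RULES)))
    print("escaped page executes script:", has_live_script(render_escaped(MAPPING_RULES)))
    print("escaped page still carries the mapping:",
          recover_rules(render_escaped(MAPPING_RULES)) == MAPPING_RULES)
```

The escaped page shows the reader exactly the text they saved, angle brackets included, because the browser decodes `&lt;script&gt;` back to visible characters without treating it as a tag; that is why dropping the safestring declaration costs nothing in rendering.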