
yahoo-eng-team team mailing list archive

[Bug 1667086] Re: [OSSA-2017-003] XSS in federation mappings UI (CVE-2017-7400)

 

Reviewed:  https://review.openstack.org/447064
Committed: https://git.openstack.org/cgit/openstack/ossa/commit/?id=d9fb681d40ed9b2ec535b3ffa49451edfd199167
Submitter: Jenkins
Branch:    master

commit d9fb681d40ed9b2ec535b3ffa49451edfd199167
Author: Tristan Cacqueray <tdecacqu@xxxxxxxxxx>
Date:   Fri Mar 17 16:49:35 2017 +0000

    Adds OSSA-2017-003 (CVE-2017-7400)
    
    Change-Id: Iead38e4f72cfe54102612a07a4001862cb5fd32c
    Closes-Bug: #1667086


** Changed in: ossa
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7400

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1667086

Title:
  [OSSA-2017-003] XSS in federation mappings UI (CVE-2017-7400)

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Security Advisory:
  Fix Released

Bug description:
  Found in Mitaka

  Steps:
  - Set up federation in keystone and horizon
  - Launch and log in to horizon as an admin
  - Click on the Federation->Mappings tab
  - Create or update a mapping with the following content that contains javascript

  [
      {
          "local": [
              {
                  "domain": {
                      "name": "Default"
                  },
                  "group": {
                      "domain": {
                          "name": "Default"
                      },
                      "name": "Federated Users"
                  },
                  "user": {
                      "name": "{<script>alert('test');</script>}",
                      "email": "{1}"
                  },
                  "groups": "{2}"
              }
          ],
          "remote": [
              {
                  "type": "REMOTE_USER"
              },
              {
                  "type": "MELLON_userEmail"
              },
              {
                  "type": "MELLON_groups"
              }
          ]
      }
  ]

  Now whenever this Federation->Mapping page is shown, the javascript
  will execute.

  It appears other pages in horizon protect against such attacks (such
  as Users, Groups, etc).  So I'm guessing that the rendering of this
  page just needs to be escaped to ignore tags.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1667086/+subscriptions
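The report above contrasts pages that escape mapping content with the Federation->Mappings page that did not. The Python below is an added illustration of that difference, written for this archive page; it is not the Horizon patch (which this notification does not include) and not Horizon code. It models the mapping rules being pretty-printed as JSON and then emitted into the page in three ways: verbatim (the behaviour the reporter describes, equivalent to bypassing Django template autoescaping with a `|safe` filter or `mark_safe`), HTML-escaped for an HTML-body context, and with JSON `\uXXXX` escapes for the case where the JSON is embedded inside a `<script>` element, where HTML entity escaping would be the wrong tool. The `render_*` and `rules_for_script_block` names, the `<pre>` markup and the trimmed sample mapping (constructed from the payload in the report) are assumptions.

```python
import html
import json

# Constructed sample: the user-name payload from the bug report, with the
# domain/group fields trimmed for brevity.
MALICIOUS_MAPPING = {
    "rules": [
        {
            "local": [
                {
                    "user": {
                        "name": "{<script>alert('test');</script>}",
                        "email": "{1}",
                    },
                    "groups": "{2}",
                }
            ],
            "remote": [
                {"type": "REMOTE_USER"},
                {"type": "MELLON_userEmail"},
                {"type": "MELLON_groups"},
            ],
        }
    ]
}


def rules_as_json(mapping):
    """Pretty-print the mapping's rules the way a UI would before display."""
    return json.dumps(mapping["rules"], indent=4, sort_keys=True)


def render_rules_unsafe(mapping):
    """Vulnerable path: the JSON text is dropped into the HTML body verbatim.

    This is what happens when the string is marked safe (Django's `|safe`
    filter or mark_safe), so the template engine's autoescaping is skipped
    and the browser parses the embedded <script> element.
    """
    return "<pre>" + rules_as_json(mapping) + "</pre>"


def render_rules_escaped(mapping):
    """Fixed path for an HTML-body context: escape <, >, &, and quotes.

    html.escape turns "<script>" into "&lt;script&gt;", which the browser
    renders as text instead of executing.
    """
    return "<pre>" + html.escape(rules_as_json(mapping), quote=True) + "</pre>"


# Characters that must not appear raw inside a <script> block.  "</" would
# end the element early; U+2028/U+2029 are line terminators in JavaScript.
_JS_ESCAPES = {
    "<": "\\u003c",
    ">": "\\u003e",
    "&": "\\u0026",
    "\u2028": "\\u2028",
    "\u2029": "\\u2029",
}


def rules_for_script_block(mapping):
    """JSON that is safe to embed inside <script> ... </script>.

    HTML escaping is wrong in this context (entities are not decoded inside
    a script element), so dangerous characters are rewritten as JSON
    \\uXXXX escapes, which JSON.parse and JS literals decode unchanged.
    """
    text = json.dumps(mapping["rules"], sort_keys=True)
    for ch, esc in _JS_ESCAPES.items():
        text = text.replace(ch, esc)
    return text


def contains_live_script(rendered):
    """Crude detector used to compare the rendering paths."""
    return "<script" in rendered.lower()


def script_block_roundtrips(mapping):
    """The escaped form must still decode to the original rules."""
    return json.loads(rules_for_script_block(mapping)) == mapping["rules"]


if __name__ == "__main__":
    print(render_rules_unsafe(MALICIOUS_MAPPING))
    print(render_rules_escaped(MALICIOUS_MAPPING))
    print(rules_for_script_block(MALICIOUS_MAPPING))
```

Which escaping is right depends on where the JSON lands: `html.escape` for element content or attribute values, the `\uXXXX` rewrite for a script block, and neither is a substitute for keeping template autoescaping on in the first place.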