
yahoo-eng-team team mailing list archive

[Bug 1865026] Re: Open redirect in workflow forms

Reviewed:  https://review.opendev.org/750207
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=252467100f75587e18df9c43ed5802ee8f0017fa
Submitter: Zuul
Branch:    master

commit 252467100f75587e18df9c43ed5802ee8f0017fa
Author: Radomir Dopieralski <openstack@xxxxxxxxxxxx>
Date:   Mon Sep 7 21:03:36 2020 +0200

    Fix open redirect
    
    Make sure the "next" URL is in the same origin as Horizon before
    redirecting to it.
    
    Change-Id: I06b2bfc8e3638591615547780c3fa34b0abe19f6
    Closes-bug: #1865026


** Changed in: horizon
       Status: In Progress => Fix Released
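
The same-origin check that the commit message above describes, as an added example in plain Python (this is not Horizon's own code); the request host and scheme are assumed to be supplied by the web framework for the current request (for example Django's request.get_host() and request.scheme), and the fallback landing path is an assumed value.

```python
"""Added example (not Horizon's code): same-origin check for a ``next`` URL.

``request_host`` and ``request_scheme`` are assumed to come from the web
framework for the current request (e.g. Django's request.get_host() and
request.scheme); ``fallback`` is an assumed in-dashboard landing path.
"""
from urllib.parse import urlsplit


def is_same_origin_redirect(next_url, request_host, request_scheme="https"):
    """True only if next_url stays on the dashboard's own origin.

    Accepts an absolute path such as ``/dashboard/project/instances/`` or
    an absolute URL whose scheme and host:port equal the request's own.
    Everything else (other hosts, other schemes, scheme-relative URLs,
    userinfo tricks) is rejected.
    """
    if not next_url:
        return False
    # Whitespace and control characters let a scheme or host hide from a
    # parser while a browser still honours them; reject them outright.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in next_url):
        return False
    # Browsers treat "\" as "/", so "/\evil.com" is really "//evil.com".
    candidate = next_url.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: require an absolute path ("/...") but not a
        # run of slashes, which browsers read as an authority ("///host").
        return candidate.startswith("/") and not candidate.startswith("//")
    # Absolute URL (or "//host"): scheme and host:port must match exactly.
    return (parts.scheme.lower() == request_scheme.lower()
            and parts.netloc.lower() == request_host.lower())


def safe_next(next_url, request_host, fallback="/dashboard/"):
    """Return next_url when it passes the check, otherwise the fallback."""
    if is_same_origin_redirect(next_url, request_host):
        return next_url
    return fallback
```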

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1865026

Title:
  Open redirect in workflow forms

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Security Advisory:
  Incomplete

Bug description:
  This affects all released versions of Horizon.

  It is possible to make Horizon redirect to an arbitrary URL:

  Steps to Reproduce:
  1. Visit https://rhos-d.infra.prod.upshift.rdu2.redhat.com
  2. Click on Instances
  3. Pick any available instance and click on it.
  4. On the right side, click on the down arrow button.
  5. Hover over 'Edit Instance', copy its link location and open it in the same browser in the same tab.
  6. It will look like:
  https://rhos-d.infra.prod.upshift.rdu2.redhat.com/dashboard/project/instances/<instance_id>/update?step=instance_info&next=<path_and_id>
  Change the &next= value to &next=https://evil.com and refresh the page; then click on the Save button.
  7. It will redirect the page to evil.com.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1865026/+subscriptions