yahoo-eng-team team mailing list archive

[Bug 1865026] Re: Open redirect in workflow forms (CVE-2020-29565)


OSSA-2020-008 has been published to relevant mailing lists and the
https://security.openstack.org/ site.

** Changed in: ossa
     Assignee: (unassigned) => Gage Hugo (gagehugo)

** Changed in: ossa
       Status: Incomplete => Fix Released

** Changed in: ossa
   Importance: Undecided => Medium

** Summary changed:

- Open redirect in workflow forms (CVE-2020-29565)
+ [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1865026

Title:
  [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565)

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Security Advisory:
  Fix Released

Bug description:
  This affects all released versions of Horizon.

  It is possible to make Horizon redirect to an arbitrary URL:

  Steps to Reproduce:
  1. Visit https://rhos-d.infra.prod.upshift.rdu2.redhat.com
  2. Click on Instances.
  3. Pick any available instance and click on it.
  4. On the right side, click on the down-arrow button.
  5. Hover over 'Edit Instance', copy its link location, and open it in the same browser in the same tab.
  6. It will look like:
  https://rhos-d.infra.prod.upshift.rdu2.redhat.com/dashboard/project/instances/<instance_id>/update?step=instance_info&next=<path_and_id>
  Change the &next= value to &next=https://evil.com, refresh the page, then click on the Save button.
  7. It will redirect the page to Evil.com.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1865026/+subscriptions
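The root cause described in the bug is a `next` query parameter that is used as a redirect target without being checked. The following is an added example, not Horizon's own code or its actual fix, showing the kind of validation a defender wants on such a parameter: only same-origin targets (a path beginning with a single `/`, or an absolute `https://` URL whose host exactly matches the dashboard's host) are accepted, and everything else falls back to a known-good local path. The host name `dashboard.example`, the fallback path, and the function names are assumptions chosen for the illustration; the query strings in the demo are constructed to mirror the one in the bug report.

```python
from urllib.parse import parse_qs, urlsplit

# Hypothetical helper (not Horizon's code): may this `next` value be used as
# a redirect target? We accept only targets on our own origin.
def is_safe_next(next_value: str, allowed_host: str) -> bool:
    if not next_value:
        return False
    # Browsers treat backslashes like slashes in URLs, so normalise them
    # before parsing; otherwise "/\\evil.com" would look like a local path.
    candidate = next_value.replace("\\", "/")
    # Whitespace or control characters in a redirect target are never
    # legitimate and are a classic way to confuse parsers; reject outright.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in candidate):
        return False
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute ("https://evil.com") or scheme-relative ("//evil.com")
        # target. Allow it only when the scheme is https (or absent), there
        # is no userinfo ("allowed@evil.com" tricks), and the parsed host
        # name is exactly our own host.
        if parts.scheme not in ("", "https"):
            return False
        if parts.username is not None or parts.password is not None:
            return False
        return (parts.hostname or "").lower() == allowed_host.lower()
    # No scheme and no host: require a rooted local path. A leading "//"
    # (or "///") is rejected because browsers resolve it as a new host.
    return candidate.startswith("/") and not candidate.startswith("//")


# Hypothetical helper: choose the redirect target for a request, using the
# `next` parameter only when it passes the check above.
def resolve_redirect(next_value: str, allowed_host: str,
                     fallback: str = "/dashboard/project/instances/") -> str:
    return next_value if is_safe_next(next_value, allowed_host) else fallback


# Hypothetical helper: pull `next` out of a raw query string (as it would
# arrive on the update form) and resolve it the same way.
def redirect_for_query(query_string: str, allowed_host: str,
                       fallback: str = "/dashboard/project/instances/") -> str:
    params = parse_qs(query_string, keep_blank_values=True)
    next_value = params.get("next", [""])[0]
    return resolve_redirect(next_value, allowed_host, fallback)


if __name__ == "__main__":
    host = "dashboard.example"  # assumed dashboard host
    # Constructed query strings modelled on the one in the bug report.
    benign = "step=instance_info&next=/dashboard/project/instances/abc123/"
    hostile = "step=instance_info&next=https://evil.com"
    for qs in (benign, hostile, "step=instance_info&next=//evil.com"):
        print(f"{qs!r:60} -> {redirect_for_query(qs, host)}")
```

The check is deliberately conservative: bare relative paths without a leading slash, non-default ports, and `http://` targets are all rejected, because a redirect target that is "probably fine" is exactly the case an open-redirect bug hides in. Any fallback should be a fixed local path, never another request-controlled value.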