[OSSA 2015-009] Sanitation of metadata label (CVE-2015-3988)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mirantis OpenStack | Fix Released | Critical | Vlad Okhrimenko |
6.0.x | Fix Released | Critical | Alexander Nevenchannyy |
6.1.x | Fix Released | Critical | MOS Maintenance |
7.0.x | Fix Released | Critical | Vlad Okhrimenko |

Bug Description
1) Start up Horizon
2) Go to Images
3) Next to an image, pick "Update Metadata"
4) From the dropdown button, select "Update Metadata"
5) In the Custom box, enter a value with some HTML like:
'<img>'
'<script><script>'
'</script>
and click +
6) On the right-hand side, give it a value, like "ee"
7) Click "Save"
8) Pick "Update Metadata" for the image again, the page will fail to load, and the JavaScript console says:
SyntaxError: invalid property id
var existing_metadata = {"
An alternative is if you change the URL to update_metadata for the image (for example, http://
I'm not sure if update_metadata is actually a page, though... can't figure out how to get to it other than typing it in.
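
Why step 8 fails, as an added example (not part of the original report and not Horizon's code): it assumes the page serializes the image metadata as JSON into an inline script, as the `var existing_metadata = {"` line in the console error suggests. The function names and the sample key are constructed for illustration, and the escaping shown is one common mitigation, not necessarily the fix that was released.

```python
import json

# Escapes that keep a JSON document inert inside an inline <script> element.
# JSON and JavaScript both decode \u003c etc. back to the original characters.
# (json.dumps with its default ensure_ascii=True already escapes U+2028/U+2029.)
SCRIPT_SAFE = {
    ord("<"): "\\u003c",
    ord(">"): "\\u003e",
    ord("&"): "\\u0026",
}


def naive_embed(metadata):
    """Assumed pre-fix pattern: raw JSON dropped into the script block."""
    return "<script>var existing_metadata = %s;</script>" % json.dumps(metadata)


def safe_embed(metadata):
    """Same template, but the JSON is escaped for the <script> context."""
    payload = json.dumps(metadata).translate(SCRIPT_SAFE)
    return "<script>var existing_metadata = %s;</script>" % payload


def script_body(html):
    """Text the HTML parser hands to the JS engine: everything between
    <script> and the first closing script tag (simplified model)."""
    lowered = html.lower()
    start = lowered.index("<script>") + len("<script>")
    end = lowered.index("</script", start)
    return html[start:end]


def recovered_metadata(html):
    """Parse the object literal back out of the script body, or return None
    when the body was cut short (the browser reports a SyntaxError)."""
    body = script_body(html)
    prefix = "var existing_metadata = "
    if not (body.startswith(prefix) and body.endswith(";")):
        return None
    try:
        return json.loads(body[len(prefix):-1])
    except ValueError:
        return None


# Constructed sample: a custom metadata key containing markup, value "ee".
SAMPLE = {"</script><img>": "ee"}
```

With the naive template the script body ends at the key's own closing tag, leaving exactly the truncated statement from the console error; with the escaped payload the same key round-trips unchanged.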
Changed in mos: | |
importance: | Undecided → Critical |
tags: | added: 6.1-mu-1 |
description: | updated |
tags: | added: 6.0-mu-5 done release-notes |
tags: | removed: 6.0-mu-5 |
tags: | added: 6.0-mu-5 |
tags: | removed: on-verification |
tags: | added: 7.0 |
tags: | added: release-notes-done-7.0 removed: 7.0 done release-notes |
tags: | added: 7.0 release-notes-done removed: release-notes-done-7.0 |
tags: | added: rn7.0 removed: 7.0 |
tags: | added: rn6.0-mu-5 rn6.1-mu-1 removed: 6.0-mu-5 6.1-mu-1 |
tags: | added: feature-security |
upstream bug https://bugs.launchpad.net/horizon/+bug/1449260