refreshing in log viewer interprets html and javascript
Bug #977944 reported by
J. Daniel Schmidt
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
Critical
|
Unassigned | ||
Essex |
Fix Released
|
Critical
|
Unassigned |
Bug Description
In the log viewer the refreshing mechanism does not escape the fetched log data.
This means that HTML with Javascript code gets interpreted as such and thus code can be injected in a dashboard session.
A harmless test for this is this command run inside a VM:
# echo "<b>test</b>" > /dev/ttyS0
This opens up even more creativity:
# echo "<script>
After loading the log you just have to wait (a few seconds) for the first refresh.
CVE References
summary: |
- refreshing in log viewer interprets html + refreshing in log viewer interprets html and javascript |
Changed in horizon: | |
status: | Fix Committed → Fix Released |
Changed in horizon: | |
milestone: | folsom-1 → 2012.2 |
Changed in horizon: | |
assignee: | Registry Administrators (registry) → nobody |
To post a comment you must log in.
Thanks for your report, jdsn.
In other words this is a Cross-Site Scripting flaw which could be used to steal the session id of the logged in user viewing the logs.
I would recommend getting a CVE for it if this affects released products / software.