Activity log for bug #1039077

Date Who What changed Old value New value Message
2012-08-20 15:34:52 Thomas Biege bug added bug
2012-08-20 15:35:59 Thomas Biege bug added subscriber Christoph Thiel
2012-08-20 15:36:08 Thomas Biege bug added subscriber Vincent Untz
2012-08-20 15:37:16 Thomas Biege description
Old value: The "next" parameter is used here and there in the Dashboard. http://10.122.185.2/auth/login/?next=http://www.heise.de Redirects to www.heise.de. Instead of redirecting to heise and attacker can redirect to a cloned Dashboard to steal information, so called Phishing Attack. CWE-601: URL Redirection to Untrusted Site ('Open Redirect') http://cwe.mitre.org/data/definitions/601.html We had an equal issue in SUSE Manager / Spacewalk: https://bugzilla.redhat.com/show_bug.cgi?id=672167 Folsom seems to be safe, but it effects Essex. https://github.com/gabrielhurley/django_openstack_auth/pull/7 The solution was that the string has to start with "/" (so no URL scheme is allowed) AFAIR.
New value: The "next" parameter is used here and there in the Dashboard. http://10.122.185.2/auth/login/?next=http://www.heise.de Redirects to www.heise.de. Instead of redirecting to heise an attacker can redirect to a cloned Dashboard to steal information, so called Phishing Attack. CWE-601: URL Redirection to Untrusted Site ('Open Redirect') http://cwe.mitre.org/data/definitions/601.html Folsom seems to be safe, but it effects Essex. https://github.com/gabrielhurley/django_openstack_auth/pull/7
2012-08-20 15:43:06 Vincent Untz attachment added Fix for essex https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3269014/+files/0001-Only-accept-redirect-when-logging-in-if-redirecting-.patch
2012-08-21 13:00:04 Thierry Carrez bug added subscriber Devin Carlen
2012-08-21 13:00:13 Thierry Carrez bug added subscriber Gabriel Hurley
2012-08-21 13:02:39 Thierry Carrez horizon: importance Undecided Medium
2012-08-21 13:02:39 Thierry Carrez horizon: status New Confirmed
2012-08-21 14:24:50 Thomas Biege description
Old value: The "next" parameter is used here and there in the Dashboard. http://10.122.185.2/auth/login/?next=http://www.heise.de Redirects to www.heise.de. Instead of redirecting to heise an attacker can redirect to a cloned Dashboard to steal information, so called Phishing Attack. CWE-601: URL Redirection to Untrusted Site ('Open Redirect') http://cwe.mitre.org/data/definitions/601.html Folsom seems to be safe, but it effects Essex. https://github.com/gabrielhurley/django_openstack_auth/pull/7
New value: The "next" parameter is used here and there in the Dashboard. http://10.122.185.2/auth/login/?next=http://www.heise.de Redirects to www.heise.de. Instead of redirecting to heise an attacker can redirect to a cloned Dashboard to steal information, so called Phishing Attack. CWE-601: URL Redirection to Untrusted Site ('Open Redirect') http://cwe.mitre.org/data/definitions/601.html Folsom seems to be safe, but it affects Essex. https://github.com/gabrielhurley/django_openstack_auth/pull/7
2012-08-22 00:28:59 Gabriel Hurley nominated for series horizon/essex
2012-08-22 00:28:59 Gabriel Hurley bug task added horizon/essex
2012-08-22 00:29:12 Gabriel Hurley horizon: status Confirmed Invalid
2012-08-22 00:29:16 Gabriel Hurley horizon/essex: status New Confirmed
2012-08-22 00:29:23 Gabriel Hurley horizon/essex: importance Undecided Critical
2012-08-22 17:20:43 Gabriel Hurley bug added subscriber Paul McMillan
2012-08-22 20:27:15 Paul McMillan attachment added fix_lp1039077.patch https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3272402/+files/fix_lp1039077.patch
2012-08-22 20:32:08 Paul McMillan attachment removed fix_lp1039077.patch https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3272402/+files/fix_lp1039077.patch
2012-08-22 20:32:34 Paul McMillan attachment added fix_lp1039077.patch https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3272408/+files/fix_lp1039077.patch
2012-08-22 20:33:04 Paul McMillan attachment removed fix_lp1039077.patch https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3272408/+files/fix_lp1039077.patch
2012-08-22 20:34:55 Paul McMillan attachment added fix_lp1039077.2.patch https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3272410/+files/fix_lp1039077.2.patch
2012-08-24 10:02:49 Thierry Carrez horizon/essex: importance Critical Medium
2012-08-28 05:17:15 Thomas Biege cve linked 2012-3540
2012-08-30 14:16:08 Russell Bryant visibility private public
2012-08-30 14:41:30 OpenStack Infra horizon/essex: status Confirmed Fix Committed
2012-08-30 15:14:13 Russell Bryant removed subscriber OpenStack Vulnerability Management team
2012-09-13 00:25:09 Launchpad Janitor branch linked lp:ubuntu/precise-security/horizon
2012-10-09 20:13:56 Mark McLoughlin horizon/essex: milestone 2012.1.3
2012-10-11 19:46:22 Mark McLoughlin horizon/essex: status Fix Committed Fix Released
2012-12-12 13:04:42 Yolanda Robla horizon (Ubuntu): status New Fix Released
2012-12-12 13:04:45 Yolanda Robla nominated for series Ubuntu Precise
2013-05-09 23:30:02 Brian Murray bug added subscriber Ubuntu Stable Release Updates Team
2013-05-09 23:30:06 Brian Murray bug added subscriber SRU Verification
2013-05-09 23:30:15 Brian Murray tags verification-needed
2013-05-09 23:52:10 Launchpad Janitor branch linked lp:ubuntu/precise-proposed/horizon
2013-05-16 07:41:36 Yolanda Robla attachment added 2012.1.3+stable-20130423-5ce39422-0ubuntu1.log https://bugs.launchpad.net/bugs/1039077/+attachment/3678045/+files/2012.1.3%2Bstable-20130423-5ce39422-0ubuntu1.log
2013-05-16 07:42:02 Yolanda Robla tags verification-needed verification-done
2013-05-16 17:26:54 Scott Kitterman removed subscriber Ubuntu Stable Release Updates Team
2013-06-07 15:45:17 Thierry Carrez summary
Old value: open redirect / phishing attack via "next" parameter
New value: [OSSA 2012-012] open redirect / phishing attack via "next" parameter
2013-06-07 15:45:26 Thierry Carrez bug task added ossa
2013-06-07 15:45:37 Thierry Carrez ossa: status New Fix Released
2013-06-07 15:45:37 Thierry Carrez ossa: assignee Russell Bryant (russellb)
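The description above gives the mitigation rule for the "next" parameter: the value must start with "/" so no URL scheme can be supplied. The following is an added illustration, not the patch attached to this bug or code from django_openstack_auth; the function names are assumptions, and it goes one step beyond the page's rule by also rejecting protocol-relative values ("//host"), which start with "/" but still leave the site.

```python
from urllib.parse import parse_qs, urlsplit


def is_safe_next(next_url: str) -> bool:
    """True only if next_url is a path on the same site.

    Implements the rule from the bug report (must start with "/", so an
    absolute URL such as http://www.heise.de is rejected) and, as an
    added generalization, also rejects "//host" and "/\\host" forms that
    browsers treat as protocol-relative, plus anything that still parses
    with a scheme or netloc.
    """
    if not next_url or not next_url.startswith("/"):
        return False
    if next_url.startswith("//") or next_url.startswith("/\\"):
        return False
    parts = urlsplit(next_url)
    return parts.scheme == "" and parts.netloc == ""


def login_redirect_target(next_param: str, default: str = "/") -> str:
    """Where a successful login should send the user: the validated
    next_param, or the default landing path when it is unsafe."""
    return next_param if is_safe_next(next_param) else default


def target_from_login_url(login_url: str, default: str = "/") -> str:
    """Extract ?next= from a login URL and resolve it with the rule above."""
    query = parse_qs(urlsplit(login_url).query)
    next_param = query.get("next", [""])[0]
    return login_redirect_target(next_param, default)


if __name__ == "__main__":
    # Constructed inputs: the URL from the bug report and an in-site path.
    print(target_from_login_url(
        "http://10.122.185.2/auth/login/?next=http://www.heise.de"))  # /
    print(target_from_login_url(
        "http://10.122.185.2/auth/login/?next=/nova/instances/"))  # /nova/instances/
```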