2012-08-20 15:34:52 |
Thomas Biege |
bug |
|
|
added bug |
2012-08-20 15:35:59 |
Thomas Biege |
bug |
|
|
added subscriber Christoph Thiel |
2012-08-20 15:36:08 |
Thomas Biege |
bug |
|
|
added subscriber Vincent Untz |
2012-08-20 15:37:16 |
Thomas Biege |
description |
The "next" parameter is used here and there in the Dasboard.
http://10.122.185.2/auth/login/?next=http://www.heise.de
Redirects to www.heise.de.
Instead of redirecting to heise an attacker can redirect to a cloned Dashboard
to steal information, so-called Phishing Attack.
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
http://cwe.mitre.org/data/definitions/601.html
We had an equal issue in SUSE Manager / Spacewalk:
https://bugzilla.redhat.com/show_bug.cgi?id=672167
Folsom seems to be safe, but it effects Essex.
https://github.com/gabrielhurley/django_openstack_auth/pull/7
The solution was that the string has to start with "/" (so no URL scheme is
allowed) AFAIR. |
The "next" parameter is used here and there in the Dasboard.
http://10.122.185.2/auth/login/?next=http://www.heise.de
Redirects to www.heise.de.
Instead of redirecting to heise an attacker can redirect to a cloned Dashboard
to steal information, so-called Phishing Attack.
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
http://cwe.mitre.org/data/definitions/601.html
Folsom seems to be safe, but it effects Essex.
https://github.com/gabrielhurley/django_openstack_auth/pull/7 |
|
2012-08-20 15:43:06 |
Vincent Untz |
attachment added |
|
Fix for essex https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3269014/+files/0001-Only-accept-redirect-when-logging-in-if-redirecting-.patch |
|
2012-08-21 13:00:04 |
Thierry Carrez |
bug |
|
|
added subscriber Devin Carlen |
2012-08-21 13:00:13 |
Thierry Carrez |
bug |
|
|
added subscriber Gabriel Hurley |
2012-08-21 13:02:39 |
Thierry Carrez |
horizon: importance |
Undecided |
Medium |
|
2012-08-21 13:02:39 |
Thierry Carrez |
horizon: status |
New |
Confirmed |
|
2012-08-21 14:24:50 |
Thomas Biege |
description |
The "next" parameter is used here and there in the Dasboard.
http://10.122.185.2/auth/login/?next=http://www.heise.de
Redirects to www.heise.de.
Instead of redirecting to heise an attacker can redirect to a cloned Dashboard
to steal information, so-called Phishing Attack.
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
http://cwe.mitre.org/data/definitions/601.html
Folsom seems to be safe, but it effects Essex.
https://github.com/gabrielhurley/django_openstack_auth/pull/7 |
The "next" parameter is used here and there in the Dasboard.
http://10.122.185.2/auth/login/?next=http://www.heise.de
Redirects to www.heise.de.
Instead of redirecting to heise an attacker can redirect to a cloned Dashboard
to steal information, so-called Phishing Attack.
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
http://cwe.mitre.org/data/definitions/601.html
Folsom seems to be safe, but it affects Essex.
https://github.com/gabrielhurley/django_openstack_auth/pull/7 |
|
2012-08-22 00:28:59 |
Gabriel Hurley |
nominated for series |
|
horizon/essex |
|
2012-08-22 00:28:59 |
Gabriel Hurley |
bug task added |
|
horizon/essex |
|
2012-08-22 00:29:12 |
Gabriel Hurley |
horizon: status |
Confirmed |
Invalid |
|
2012-08-22 00:29:16 |
Gabriel Hurley |
horizon/essex: status |
New |
Confirmed |
|
2012-08-22 00:29:23 |
Gabriel Hurley |
horizon/essex: importance |
Undecided |
Critical |
|
2012-08-22 17:20:43 |
Gabriel Hurley |
bug |
|
|
added subscriber Paul McMillan |
2012-08-22 20:27:15 |
Paul McMillan |
attachment added |
|
fix_lp1039077.patch https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3272402/+files/fix_lp1039077.patch |
|
2012-08-22 20:32:08 |
Paul McMillan |
attachment removed |
fix_lp1039077.patch https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3272402/+files/fix_lp1039077.patch |
|
|
2012-08-22 20:32:34 |
Paul McMillan |
attachment added |
|
fix_lp1039077.patch https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3272408/+files/fix_lp1039077.patch |
|
2012-08-22 20:33:04 |
Paul McMillan |
attachment removed |
fix_lp1039077.patch https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3272408/+files/fix_lp1039077.patch |
|
|
2012-08-22 20:34:55 |
Paul McMillan |
attachment added |
|
fix_lp1039077.2.patch https://bugs.launchpad.net/horizon/+bug/1039077/+attachment/3272410/+files/fix_lp1039077.2.patch |
|
2012-08-24 10:02:49 |
Thierry Carrez |
horizon/essex: importance |
Critical |
Medium |
|
2012-08-28 05:17:15 |
Thomas Biege |
cve linked |
|
2012-3540 |
|
2012-08-30 14:16:08 |
Russell Bryant |
visibility |
private |
public |
|
2012-08-30 14:41:30 |
OpenStack Infra |
horizon/essex: status |
Confirmed |
Fix Committed |
|
2012-08-30 15:14:13 |
Russell Bryant |
removed subscriber OpenStack Vulnerability Management team |
|
|
|
2012-09-13 00:25:09 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-security/horizon |
|
2012-10-09 20:13:56 |
Mark McLoughlin |
horizon/essex: milestone |
|
2012.1.3 |
|
2012-10-11 19:46:22 |
Mark McLoughlin |
horizon/essex: status |
Fix Committed |
Fix Released |
|
2012-12-12 13:04:42 |
Yolanda Robla |
horizon (Ubuntu): status |
New |
Fix Released |
|
2012-12-12 13:04:45 |
Yolanda Robla |
nominated for series |
|
Ubuntu Precise |
|
2013-05-09 23:30:02 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2013-05-09 23:30:06 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2013-05-09 23:30:15 |
Brian Murray |
tags |
|
verification-needed |
|
2013-05-09 23:52:10 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/horizon |
|
2013-05-16 07:41:36 |
Yolanda Robla |
attachment added |
|
2012.1.3+stable-20130423-5ce39422-0ubuntu1.log https://bugs.launchpad.net/bugs/1039077/+attachment/3678045/+files/2012.1.3%2Bstable-20130423-5ce39422-0ubuntu1.log |
|
2013-05-16 07:42:02 |
Yolanda Robla |
tags |
verification-needed |
verification-done |
|
2013-05-16 17:26:54 |
Scott Kitterman |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2013-06-07 15:45:17 |
Thierry Carrez |
summary |
open redirect / phishing attack via "next" parameter |
[OSSA 2012-012] open redirect / phishing attack via "next" parameter |
|
2013-06-07 15:45:26 |
Thierry Carrez |
bug task added |
|
ossa |
|
2013-06-07 15:45:37 |
Thierry Carrez |
ossa: status |
New |
Fix Released |
|
2013-06-07 15:45:37 |
Thierry Carrez |
ossa: assignee |
|
Russell Bryant (russellb) |
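Editor's added example (not part of the bug log above, and not the code of Horizon, django_openstack_auth or the attached patches): a validator for the post-login "next" parameter in the spirit of the fix the original description recalls ("the string has to start with '/'"). It shows why a bare leading-slash check is not quite enough: "//www.heise.de" and "/\www.heise.de" also start with "/" but are resolved by browsers as network-path references to another host, so those shapes are refused as well. The function names and the test inputs are constructed for illustration.

```python
"""Validate a post-login ``next`` parameter so the browser can only be
sent to a path on the same dashboard (CWE-601 mitigation).

Added example; not Horizon's or django_openstack_auth's code.  The
function names and sample inputs are constructed for illustration.
"""
from urllib.parse import urlsplit


def is_safe_next(next_url, fallback="/"):
    """Return ``next_url`` if it is a same-site path, else ``fallback``."""
    if not next_url:
        return fallback
    # Browsers strip leading/trailing whitespace and control characters
    # before parsing a URL; reject them instead of modelling that.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in next_url):
        return fallback
    # Browsers treat a backslash in the authority part as a slash, so
    # "/\evil.example" navigates to evil.example.  Refuse it outright.
    if "\\" in next_url:
        return fallback
    # Must be a path.  A single leading "/" is not sufficient on its own:
    # "//evil.example" also starts with "/" but is a network-path
    # reference that resolves to http(s)://evil.example/.
    if not next_url.startswith("/") or next_url.startswith("//"):
        return fallback
    parts = urlsplit(next_url)
    # Belt and braces: after the checks above the parsed value must carry
    # neither a scheme nor a host component.
    if parts.scheme or parts.netloc:
        return fallback
    return next_url


def login_redirect_target(query_params, fallback="/"):
    """What a login view would do with its query string (a dict here)."""
    return is_safe_next(query_params.get("next"), fallback)


if __name__ == "__main__":
    # Constructed inputs: the payload from the report plus bypasses of a
    # naive "starts with /" check, and one legitimate dashboard path.
    for candidate in [
        "http://www.heise.de",      # the report's payload: absolute URL
        "//www.heise.de",           # network-path reference
        "/\\www.heise.de",          # backslash variant of the same
        "javascript:alert(1)",      # scheme, no leading slash
        "/project/instances/",      # legitimate same-site path
        "",
    ]:
        print(repr(candidate), "->", repr(is_safe_next(candidate)))
```

The validator is deliberately an allow-list (a same-site path and nothing else) rather than a deny-list of known bad prefixes; anything that does not fit goes to the fixed fallback, which is what the caller should redirect to when the parameter is missing anyway.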
|