[OSSA 2014-023] Stored XSS for /admin/users/ (CVE-2014-3475)
Bug #1320235 reported by
michael xin
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Dashboard (Horizon) | Fix Released | High | Julie Pichon | |
| Havana | Fix Released | High | Julie Pichon | |
| Icehouse | Fix Released | High | Julie Pichon | |
| OpenStack Security Advisory | Fix Released | Medium | Tristan Cacqueray | |
Bug Description
The /admin/users/ page does not output-encode users' email addresses correctly. Since there is no user input validation for the users' email address during the creation process, it is possible to inject a script tag into the email address. This is a stored cross-site scripting issue.
The issue can be abused to hijack a user's session, implant malware, etc.
For example, attached is a screen copy of Horizon for users with stored XSS in action.
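The report describes two missing controls: the admin user table renders the email field into HTML without output encoding, and the creation form accepts an email containing markup. The following added example (not Horizon's code, and not the actual fix, which this page does not show) uses only the Python standard library to contrast the bug pattern with an encoded rendering, adds a conservative email-syntax check as defence in depth, and includes a small detector that flags any tag in the rendered row other than the table's own `tr`/`td`. The function names, the sample emails and the email regex are all constructed for this illustration.

```python
"""Added example (not Horizon code): output encoding vs. unencoded
rendering of a user-supplied email in an HTML table row."""
import html
import re
from html.parser import HTMLParser

# Constructed sample values: a benign email and one carrying markup.
CLEAN_EMAIL = "alice@example.com"
MARKUP_EMAIL = "bob@example.com<script>window.marker=1</script>"

# Conservative email syntax (constructed; deliberately rejects '<', '>',
# quotes and whitespace, which a display-only field never needs).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def is_valid_email(email):
    """Input validation at creation time: reject anything not matching the
    conservative syntax above. This is defence in depth, not a substitute
    for output encoding."""
    return EMAIL_RE.match(email) is not None


def render_user_row_unsafe(name, email):
    """The bug pattern: untrusted values are concatenated straight into
    HTML, so any markup inside the email becomes live markup."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (name, email)


def render_user_row_safe(name, email):
    """The fix pattern: every untrusted value is HTML-escaped at the point
    where it is written into the document, regardless of prior validation."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(name), html.escape(email))


class _TagCollector(HTMLParser):
    """Collects start tags so a test can see what the browser would parse."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def foreign_tags(rendered):
    """Return every tag in the rendered row that is not the row's own
    structure. An empty list means no injected markup survived."""
    parser = _TagCollector()
    parser.feed(rendered)
    parser.close()
    return [t for t in parser.tags if t not in ("tr", "td")]


if __name__ == "__main__":
    for label, renderer in (("unsafe", render_user_row_unsafe),
                            ("safe", render_user_row_safe)):
        row = renderer("Bob", MARKUP_EMAIL)
        print(label, "->", row)
        print("  foreign tags:", foreign_tags(row))
    print("validation accepts clean email:", is_valid_email(CLEAN_EMAIL))
    print("validation accepts markup email:", is_valid_email(MARKUP_EMAIL))
```

Running the block prints the two renderings side by side: the unsafe row contains a parsed `script` element, the safe row contains only the literal text `&lt;script&gt;...`, and the validator rejects the markup-bearing address while accepting the clean one. The key design point is that escaping happens in the renderer, so a value that slipped past validation (or was created through another API path) is still neutralised.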
Related branches
Changed in ossa:
- importance: Undecided → Medium
- status: Incomplete → Confirmed

Changed in ossa:
- status: Confirmed → Triaged

Changed in ossa:
- assignee: nobody → Tristan Cacqueray (tristan-cacqueray)
- summary: Stored XSS for /admin/users/ → Stored XSS for /admin/users/ (CVE-2014-3475)

Changed in ossa:
- status: Triaged → In Progress
- information type: Private Security → Public Security
- summary: Stored XSS for /admin/users/ (CVE-2014-3475) → [OSSA 2014-023] Stored XSS for /admin/users/ (CVE-2014-3475)

Changed in ossa:
- status: Fix Committed → Fix Released

Changed in horizon:
- milestone: none → juno-2
- status: Fix Committed → Fix Released
- tags: removed: in-stable-havana in-stable-icehouse

Changed in horizon:
- importance: Undecided → High

Changed in horizon:
- milestone: juno-2 → 2014.2
The OSSA task is incomplete pending additional details from security reviewers. Also I marked 1320233 as a duplicate of this one.