[OSSA-2017-003] XSS in federation mappings UI (CVE-2017-7400)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Dashboard (Horizon) | Fix Released | Critical | Richard Jones |
OpenStack Security Advisory | Fix Released | Undecided | Tristan Cacqueray |
Bug Description
Found in Mitaka
Steps:
- Set up federation in keystone and horizon
- Launch and log in to horizon as an admin
- Click on the Federation-
- Create or update a mapping with the following content that contains javascript
[
{
"local": [
{
},
},
},
}
],
"remote": [
{
},
{
},
{
}
]
}
]
Now whenever this Federation->Mapping page is shown, the javascript will execute.
It appears other pages in horizon protect against such attacks (such as Users, Groups, etc). So I'm guessing that the rendering of this page just needs to be escaped to ignore tags.
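The escaping fix suggested in the report, as an added example that is not Horizon's code and not part of the original report: a hypothetical cell renderer is shown trusting the stored mapping JSON and then HTML-escaping it, with a parser-based check of which tags each output would produce. The function names and the sample mapping are assumptions, and the sample markup is a constructed stand-in for the payload that is not shown on this page.

```python
import html
import json
from html.parser import HTMLParser

# Constructed sample mapping: the group name carries markup as a stand-in
# for the script content mentioned in the report.
SAMPLE_RULES = [{
    "local": [{"group": {"name": "<script>alert(1)</script>"}}],
    "remote": [{"type": "REMOTE_USER"}],
}]


def render_rules_unsafe(rules):
    """Hypothetical renderer that emits the stored JSON as-is (the bug class)."""
    return "<pre>" + json.dumps(rules, indent=2) + "</pre>"


def render_rules_escaped(rules):
    """Same renderer, HTML-escaping the serialized rules before output."""
    return "<pre>" + html.escape(json.dumps(rules, indent=2)) + "</pre>"


class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser finds in the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    """Return the start tags found in markup, in document order."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def displayed_text(markup):
    """Text shown to the user once the entities inside <pre> are decoded."""
    return html.unescape(markup[len("<pre>"):-len("</pre>")])


if __name__ == "__main__":
    print("unsafe :", tags_in(render_rules_unsafe(SAMPLE_RULES)))
    print("escaped:", tags_in(render_rules_escaped(SAMPLE_RULES)))
```

The tag check works as a regression test for any view that displays user-editable JSON: the only tag in the output should be the one the template itself wrote.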
CVE References
description: updated
summary:
- XSS in federation mappings UI
+ [OSSA-2017-003] XSS in federation mappings UI (CVE-2017-7400)
Changed in ossa:
status: Confirmed → In Progress
assignee: nobody → Tristan Cacqueray (tristan-cacqueray)
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.