CSV Injection while download csv summary
Bug #2048106 reported by Jeremy Stanley
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Dashboard (Horizon) | In Progress | High | Tatiana Ovchinnikova |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |
Bug Description
Members of the VMT received the following report by E-mail:
1. Admin adds a user.
2. The user logs in and creates a compute instance.
3. The user changes the instance name to "=1+cmd|'/C calc'!A0".
4. Admin goes to download the CSV summary.
5. Admin opens the CSV and we can see that the calculator is opened.
see https:/
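As an added defensive example (not Horizon's own code or its eventual fix), the following Python helper neutralizes cells that begin with a formula-triggering character before they are written to a CSV export, and includes a check that can be run over generated output; the instance name from the report is used as constructed sample input.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula. Tab and CR are included because some importers strip them before
# deciding whether a cell is a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return a cell value that a spreadsheet will render as plain text.

    A string beginning with a formula trigger is prefixed with a single
    quote so the application stores it as a literal. Some viewers display
    that apostrophe; that is accepted in exchange for never evaluating the
    cell. Only the first character matters for formula detection, and the
    csv module handles quoting of embedded separators. Non-strings pass
    through unchanged.
    """
    if not isinstance(value, str):
        return value
    if value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def rows_to_csv(header, rows):
    """Serialize header and rows to CSV text with every cell neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def has_formula_cell(csv_text):
    """Detection check: does any parsed cell still start with a trigger?"""
    for row in csv.reader(io.StringIO(csv_text)):
        if any(cell.startswith(FORMULA_TRIGGERS) for cell in row):
            return True
    return False


# Constructed sample rows; the first name is the payload from the report.
SAMPLE_HEADER = ["Instance Name", "vCPUs", "Disk (GB)"]
SAMPLE_ROWS = [["=1+cmd|'/C calc'!A0", 1, 20], ["-db-replica", 2, 40], ["web-01", 4, 80]]

if __name__ == "__main__":
    print(rows_to_csv(SAMPLE_HEADER, SAMPLE_ROWS))
```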
Changed in horizon:
assignee: nobody → Tatiana Ovchinnikova (tmazur)
importance: Undecided → Critical

Changed in horizon:
importance: Critical → High
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security
reviewers for the affected project or projects confirm the bug and
discuss the scope of any vulnerability along with potential
solutions.
My initial impression is that this seems very similar to bug 1842749 which was fixed in public, not under embargo, and which the VMT treated as a hardening opportunity, class D in our report taxonomy: https://security.openstack.org/vmt-process.html#report-taxonomy