LFI vulnerability in "Create Workbook"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mistral |
Fix Released
|
Undecided
|
Unassigned | ||
OpenStack Dashboard (Horizon) |
Invalid
|
Undecided
|
Unassigned | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
python-mistralclient |
Fix Released
|
Critical
|
Unassigned |
Bug Description
Hello,
I've found a Local File Inclusion (LFI) vulnerability in creating a workbook on OpenStack Dashboard.
This vulnerability allows the attacker to read a sensitive file on the server like /etc/password, config file, etc. Tested version: Victoria Horizon 18.6.3
I do not an opportunity to test the other version, but I think those versions also vulnerable.
Steps to reproduce:
1. Create a text file datnt78.txt with content: "/etc/passwd"
2. Select Workflow -> Workbooks -> Create Workbook
3. In "Definition Source" select "File" then browse datnt78.txt file then click Validate and got /etc/passwd content.
This is the request: http://
This is the response: http://
Please find the sample file and POC image in the attachment.
Thank you,
DatNT78 at FTEL CSOC
summary: |
- LFI vulnerability in creates a workbook + LFI vulnerability in "Create Workbook" |
tags: | added: security |
Changed in python-mistralclient: | |
importance: | Undecided → Critical |
Changed in mistral: | |
status: | New → In Progress |
Changed in python-mistralclient: | |
status: | New → Fix Released |
Horizon itself does not provide a page for "Workbook". As far as I know, mistral API defines "workbook" resources. Do you use mistral-dashboard? If so, please file this to the mistral launchpad instead of horizon launchpad.