Possible client side template injection in horizon login screen
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Dashboard (Horizon) | New | Undecided | Unassigned | |
| openstack-secaudit | New | Undecided | Unassigned | |
Bug Description
We got an indication from a security auditing scan that the login page (/dashboard/
is still vulnerable to the problem below, reported on Horizon/ocata, version 10.0.0.0.
Seems the same as the bug below; it just didn't fix the issue for the login screen.
https:/
More information for the problem:
AngularJS client-side template injection vulnerability.
http://
This web application is vulnerable to an AngularJS client-side template injection vulnerability. AngularJS client-side template injection vulnerabilities occur when user input is dynamically embedded on a page where AngularJS client-side templating is used. By using curly braces it is possible to inject AngularJS expressions into the AngularJS client-side template that is being used by the application. These expressions will be evaluated on the client side by AngularJS and, when combined with a sandbox escape, they allow an attacker to execute arbitrary JavaScript code.
An attacker can inject AngularJS expressions that will be evaluated on the client side. Normally AngularJS expressions are not very dangerous, but when combined with a sandbox escape they allow an attacker to execute arbitrary JavaScript code.
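As an added illustration of the injection class described above (example code, not Horizon's own), the Python snippet below shows the weak "escape and reflect" pattern next to a defensive rendering for a Django-style view, plus a small detection check for reflected parameters; the function names and the constructed sample value are assumptions.

```python
import html
import re

# Added example, not Horizon's own code. Assumes a Django-style login view that
# reflects an untrusted request parameter (here a constructed "next"-like value)
# into a page that AngularJS compiles (inside an ng-app scope).

# "{{ ... }}" is the default AngularJS interpolation marker.
INTERPOLATION_RE = re.compile(r"\{\{.*?\}\}", re.DOTALL)


def contains_angular_interpolation(value: str) -> bool:
    """Detection helper: flag untrusted input carrying interpolation markers.

    Useful for logging or review of parameters that end up reflected into
    Angular-compiled markup.
    """
    return INTERPOLATION_RE.search(value) is not None


def render_untrusted_vulnerable(value: str) -> str:
    """The weak pattern: HTML-escaping only, inside markup AngularJS compiles."""
    return "<span>%s</span>" % html.escape(value, quote=True)


def render_untrusted_in_angular_page(value: str) -> str:
    """Mitigation: HTML-escape the value AND keep it out of Angular's compiler.

    HTML-escaping alone is not enough: the browser decodes entities before
    AngularJS walks the DOM, so encoded braces still reach the compiler as
    "{{". ng-non-bindable tells AngularJS to leave this subtree uncompiled.
    """
    return '<span ng-non-bindable>%s</span>' % html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample of a reflected parameter carrying a marker.
    sample = "/project/{{ example }}"
    print("flagged:", contains_angular_interpolation(sample))
    print("weak   :", render_untrusted_vulnerable(sample))
    print("fixed  :", render_untrusted_in_angular_page(sample))
```

The defensive form only protects text placed inside the wrapped element; a value reflected into an attribute of an Angular-compiled element needs separate handling.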
affects: horizon → openstack-secaudit
Changed in horizon:
importance: Undecided → Critical
Changed in horizon:
status: Incomplete → New
Let's not mark importance until its confirmed please :)