Activity log for bug #1892848

Date Who What changed Old value New value Message
2020-08-25 09:59:21 James Hill bug added bug
2020-08-25 09:59:21 James Hill attachment added Screenshot of the XSS running https://bugs.launchpad.net/bugs/1892848/+attachment/5404386/+files/XSS.jpg
2020-09-29 16:47:40 Jeremy Stanley description While testing v3.10 for a client, I found that there was Persistent XSS. This was performed by creating a network and then entering javascript into the subnet name. The user would then have to attach the network interface with the javascript present to an instance. After this when a user created a network bridge then the javascript would run. I only had one account when performing this test but believe it would run when other users where logged in using the same instance and network interface. ----------------------------------- Release: 0.0.1.dev215 on 2020-06-16 21:33:43 SHA: fbfe127c87f2e860efa7806eb9f6d6847d56ba07 Source: https://opendev.org/openstack/ossa/src/doc/source/ossa/OSSA-2014-023.rst URL: https://security.openstack.org/ossa/OSSA-2014-023.html This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments. This embargo shall not extend past 2020-12-28 and will be made public by or on that date even if no fix is identified. While testing v3.10 for a client, I found that there was Persistent XSS. This was performed by creating a network and then entering javascript into the subnet name. The user would then have to attach the network interface with the javascript present to an instance. After this when a user created a network bridge then the javascript would run. I only had one account when performing this test but believe it would run when other users where logged in using the same instance and network interface. ----------------------------------- Release: 0.0.1.dev215 on 2020-06-16 21:33:43 SHA: fbfe127c87f2e860efa7806eb9f6d6847d56ba07 Source: https://opendev.org/openstack/ossa/src/doc/source/ossa/OSSA-2014-023.rst URL: https://security.openstack.org/ossa/OSSA-2014-023.html
2020-09-29 16:48:00 Jeremy Stanley bug task added horizon
2020-09-29 16:50:12 Jeremy Stanley bug added subscriber Horizon Core security contacts
2020-09-29 16:51:37 Jeremy Stanley ossa: status New Incomplete
2020-10-26 21:21:13 Gage Hugo bug added subscriber Dan Ackerson
2020-10-26 21:21:31 Gage Hugo bug added subscriber Dorina Timbur
2020-10-26 21:33:17 Jeremy Stanley summary Persistent XSS found in the horizon dashboard v3.10 XSS in adding JavaScript into the ‘Subnet Name’ field
2020-11-12 09:22:49 Ivan Kolodyazhny horizon: assignee Ivan Kolodyazhny (e0ne)
2021-01-21 15:10:17 Jeremy Stanley description This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments. This embargo shall not extend past 2020-12-28 and will be made public by or on that date even if no fix is identified. While testing v3.10 for a client, I found that there was Persistent XSS. This was performed by creating a network and then entering javascript into the subnet name. The user would then have to attach the network interface with the javascript present to an instance. After this when a user created a network bridge then the javascript would run. I only had one account when performing this test but believe it would run when other users where logged in using the same instance and network interface. ----------------------------------- Release: 0.0.1.dev215 on 2020-06-16 21:33:43 SHA: fbfe127c87f2e860efa7806eb9f6d6847d56ba07 Source: https://opendev.org/openstack/ossa/src/doc/source/ossa/OSSA-2014-023.rst URL: https://security.openstack.org/ossa/OSSA-2014-023.html While testing v3.10 for a client, I found that there was Persistent XSS. This was performed by creating a network and then entering javascript into the subnet name. The user would then have to attach the network interface with the javascript present to an instance. After this when a user created a network bridge then the javascript would run. I only had one account when performing this test but believe it would run when other users where logged in using the same instance and network interface. ----------------------------------- Release: 0.0.1.dev215 on 2020-06-16 21:33:43 SHA: fbfe127c87f2e860efa7806eb9f6d6847d56ba07 Source: https://opendev.org/openstack/ossa/src/doc/source/ossa/OSSA-2014-023.rst URL: https://security.openstack.org/ossa/OSSA-2014-023.html
2021-01-21 15:10:36 Jeremy Stanley information type Private Security Public Security
2021-05-26 12:00:17 Vishal Manchanda horizon: status New Incomplete
2021-08-03 14:21:19 Jeremy Stanley cve linked 2014-3474
2021-08-03 14:22:19 Jeremy Stanley ossa: status Incomplete Invalid
2021-08-03 14:28:32 Jeremy Stanley ossa: status Invalid Incomplete