persistent xss possible - requires commit access

Bug #777804 reported by David
340
This bug affects 1 person
Affects Status Importance Assigned to Milestone
git (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: gitweb

I am reporting a persistent xss vector in gitweb, note this requires a
user to have commit access to a repository that gitweb is configured
to display. The vector is the fact that gitweb "serves" up xml files -
which can (just as gitweb does) embed html that could be used to
perform a cross-site scripting attack.

e.g. (lol.xml).
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
</head>
<script>alert(1);</script>
</html>

and viewed at http://$HOSTNAME/$PATH_TO_GITWEB/?p=lolok;a=blob_plain;f=lol.xml

CVE References

Changed in gitweb (Ubuntu):
assignee: nobody → Kees Cook (kees)
David (d--)
visibility: private → public
Revision history for this message
David (d--) wrote :

The requirement on commit access for this to be an issue vastly reduces the impact and severity of this issue.

visibility: public → private
Changed in gitweb (Ubuntu):
assignee: Kees Cook (kees) → nobody
visibility: private → public
Changed in gitweb (Ubuntu):
status: New → Confirmed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting a bug and helping to make Ubuntu better. I have forwarded this information to the upstream authors and oss-security:
http://www.openwall.com/lists/oss-security/2011/06/03/7

affects: gitweb (Ubuntu) → git (Ubuntu)
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.